--------[ AIDA64 Extreme Edition ]-------------------------------------------------------------------------------------- Version AIDA64 v2.60.2100 Benchmark Module 2.7.434-x64 Homepage http://www.aida64.com/ Report Type Quick Report Computer USER-PC Generator user Operating System Microsoft Windows 7 Home Premium 6.1.7601 (Win7 RTM) Date 2012-11-30 Time 15:33 --------[ Summary ]----------------------------------------------------------------------------------------------------- Computer: Computer Type ACPI x64-based PC (Mobile) Operating System Microsoft Windows 7 Home Premium OS Service Pack Service Pack 1 Internet Explorer 9.0.8112.16421 (IE 9.0) DirectX DirectX 11.0 Computer Name USER-PC User Name user Logon Domain user-PC Date / Time 2012-11-30 / 15:33 Motherboard: CPU Type Mobile DualCore Intel Core i5-2450M, 2600 MHz (26 x 100) Motherboard Name Acer Aspire 4752 Motherboard Chipset Intel Cougar Point HM65, Intel Sandy Bridge System Memory 3907 MB (DDR3-1333 DDR3 SDRAM) DIMM1: SK Hynix HMT325S6BFR8C-H9 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) DIMM3: Kingston 9905469-032.A00LF 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) BIOS Type Phoenix (10/21/2011) Display: Video Adapter Intel(R) HD Graphics Family (1869408 KB) Video Adapter Intel(R) HD Graphics Family (1869408 KB) Video Adapter NVIDIA GeForce 610M (1024 MB) Video Adapter NVIDIA GeForce 610M (1024 MB) 3D Accelerator Intel HD Graphics 3000 Monitor AU Optronics B140XW01 V8 [14" LCD] Multimedia: Audio Adapter Intel Cougar Point HDMI @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] Audio Adapter Realtek ALC269 @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] Storage: IDE Controller Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 IDE Controller Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Storage Controller Broadcom Memory Stick Disk Drive Hitachi HTS545050A7E380 ATA Device (500 GB, 5400 RPM, SATA-II) Optical Drive MATSHITA DVD-RAM UJ8A0AS ATA Device SMART Hard Disks Status OK Partitions: C: (NTFS) 222.8 GB (190.8 GB free) D: (NTFS) 222.8 GB (169.1 GB free) Total Size 445.7 GB (359.9 GB free) Input: Keyboard Standard PS/2 Keyboard Mouse Synaptics PS/2 Port TouchPad Network: Primary IP Address 192.168.1.81 Primary MAC Address 20-6A-8A-64-B2-40 Network Adapter Atheros AR5B97 Wireless Network Adapter Network Adapter Broadcom NetLink (TM) Gigabit Ethernet (192.168.1.81) Peripherals: Printer Fax Printer Microsoft XPS Document Writer USB2 Controller Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] USB2 Controller Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] USB3 Controller NEC uPD720200 USB 3.0 Host Controller USB Device 1.3M HD WebCam USB Device Generic USB Hub USB Device Generic USB Hub USB Device USB Composite Device Battery Microsoft AC Adapter Battery Microsoft ACPI-Compliant Control Method Battery Battery Microsoft Composite Battery DMI: DMI BIOS Vendor Phoenix Technologies Ltd. DMI BIOS Version V2.13 DMI System Manufacturer Acer DMI System Product Aspire 4752 DMI System Version V2.13 DMI System Serial Number LXRX7020021450F9CE6600 DMI System UUID 3A9EAE20-0F0711E1-98BFB25A-2D9379B1 DMI Motherboard Manufacturer Acer DMI Motherboard Product Aspire 4752 DMI Motherboard Version V2.13 DMI Motherboard Serial Number LXRX7020021450F9CE6600 DMI Chassis Manufacturer Acer DMI Chassis Version V2.13 DMI Chassis Serial Number LXRX7020021450F9CE6600 DMI Chassis Asset Tag No Asset Tag DMI Chassis Type LapTop --------[ Computer Name ]----------------------------------------------------------------------------------------------- Computer Comment Logical NetBIOS Name Logical USER-PC DNS Host Name Logical user-PC DNS Domain Name Logical Fully Qualified DNS Name Logical user-PC NetBIOS Name Physical USER-PC DNS Host Name Physical user-PC DNS Domain Name Physical Fully Qualified DNS Name Physical user-PC --------[ DMI ]--------------------------------------------------------------------------------------------------------- [ BIOS ] BIOS Properties: Vendor Phoenix Technologies Ltd. Version V2.13 Release Date 10/21/2011 Size 2560 KB Boot Devices Floppy Disk, Hard Disk, CD-ROM Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS Supported Standards DMI, ACPI Expansion Capabilities PCI, USB BIOS Manufacturer: Company Name Phoenix Technologies Ltd. Product Information http://www.phoenix.com/pages/products BIOS Upgrades http://www.aida64.com/bios-updates [ System ] System Properties: Manufacturer Acer Product Aspire 4752 Version V2.13 Serial Number LXRX7020021450F9CE6600 SKU# System SKUNumber Family HuronRiver System Universal Unique ID 3A9EAE20-0F0711E1-98BFB25A-2D9379B1 Wake-Up Type Power Switch [ Motherboard ] Motherboard Properties: Manufacturer Acer Product Aspire 4752 Version V2.13 Serial Number LXRX7020021450F9CE6600 Motherboard Manufacturer: Company Name Acer Inc. Product Information http://us.acer.com/ac/en/US/content/group/desktops BIOS Download http://us.acer.com/ac/en/US/content/drivers Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates [ Chassis ] Chassis Properties: Manufacturer Acer Version V2.13 Serial Number LXRX7020021450F9CE6600 Asset Tag No Asset Tag Chassis Type LapTop Boot-Up State Safe Power Supply State Safe [ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ] Processor Properties: Manufacturer Intel(R) Corporation Version Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Serial Number Not Supported by CPU Asset Tag TBD By OEM Part Number TBD By OEM External Clock 100 MHz Maximum Clock 2500 MHz Current Clock 2500 MHz Type Central Processor Voltage 1.2 V Status Enabled Upgrade ZIF Socket Designation CPU HTT / CMP Units 2 / 2 CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core i5-2450M Driver Update http://www.aida64.com/driver-updates [ Caches / L1-Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Through Associativity 8-way Set-Associative Maximum Size 64 KB Installed Size 64 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L1-Cache [ Caches / L2-Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Through Associativity 8-way Set-Associative Maximum Size 256 KB Installed Size 256 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L2-Cache [ Caches / L3-Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Back Associativity 12-way Set-Associative Maximum Size 3072 KB Installed Size 3072 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L3-Cache [ Memory Devices / ChannelA-DIMM0 ] Memory Device Properties: Form Factor SODIMM Type DDR3 Type Detail Synchronous Size 2048 MB Speed 1333 MHz Total Width 64-bit Data Width 64-bit Device Locator ChannelA-DIMM0 Bank Locator BANK 0 Manufacturer Hynix/Hyundai Serial Number 13C115C6 Asset Tag 9876543210 Part Number HMT325S6BFR8C-H9 [ Memory Devices / ChannelA-DIMM1 ] Memory Device Properties: Form Factor DIMM Device Locator ChannelA-DIMM1 Bank Locator BANK 1 Asset Tag 9876543210 [ Memory Devices / ChannelB-DIMM0 ] Memory Device Properties: Form Factor SODIMM Type DDR3 Type Detail Synchronous Size 2048 MB Speed 1333 MHz Total Width 64-bit Data Width 64-bit Device Locator ChannelB-DIMM0 Bank Locator BANK 2 Manufacturer Kingston Serial Number 8236DCBD Asset Tag 9876543210 Part Number 9905469-032.A00LF [ Memory Devices / ChannelB-DIMM1 ] Memory Device Properties: Form Factor DIMM Device Locator ChannelB-DIMM1 Bank Locator BANK 3 Asset Tag 9876543210 [ System Slots / PEG Gen1/Gen2 X16 ] System Slot Properties: Slot Designation PEG Gen1/Gen2 X16 Type PCI-E x16 Usage In Use Data Bus Width x16 Length Long [ System Slots / PCI-Express 1 X1 ] System Slot Properties: Slot Designation PCI-Express 1 X1 Type PCI-E Usage Empty Data Bus Width x1 Length Short [ System Slots / PCI-Express 2 X1 ] System Slot Properties: Slot Designation PCI-Express 2 X1 Type PCI-E Usage In Use Data Bus Width x1 Length Short [ System Slots / PCI-Express 3 X1 ] System Slot Properties: Slot Designation PCI-Express 3 X1 Type PCI-E Usage Empty Data Bus Width x1 Length Short [ System Slots / PCI-Express 4 X1 ] System Slot Properties: Slot Designation PCI-Express 4 X1 Type PCI-E Usage In Use Data Bus Width x1 Length Short [ System Slots / PCI-Express 5 X1 ] System Slot Properties: Slot Designation PCI-Express 5 X1 Type PCI-E Usage In Use Data Bus Width x1 Length Short [ On-Board Devices / Intel(R) Extreme Graphics 3 Controller ] On-Board Device Properties: Description Intel(R) Extreme Graphics 3 Controller Type Video Status Enabled [ On-Board Devices / Intel(R) Azalia Audio Device ] On-Board Device Properties: Description Intel(R) Azalia Audio Device Type Sound Status Enabled [ Power Supplies / TBD by ODM ] Power Supply Properties: Device Name TBD by ODM Manufacturer TBD by ODM Serial Number TBD by ODM Asset Tag TBD by ODM Part Number TBD by ODM Type Battery Status OK Hot Replaceable Yes [ Miscellaneous ] Miscellaneous: OEM String This is the Intel HuronRiver CRB Platform --------[ Overclock ]--------------------------------------------------------------------------------------------------- CPU Properties: CPU Type Mobile DualCore Intel Core i5-2450M CPU Alias Sandy Bridge-MB CPU Stepping D2 Engineering Sample No CPUID CPU Name Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPUID Revision 000206A7h CPU VID 0.7605 V CPU Speed: CPU Clock 798.2 MHz (original: 2500 MHz) CPU Multiplier 8x CPU FSB 99.8 MHz (original: 100 MHz) Memory Bus 665.2 MHz DRAM:FSB Ratio 20:3 CPU Cache: L1 Code Cache 32 KB per core L1 Data Cache 32 KB per core L2 Cache 256 KB per core (On-Die, ECC, Full-Speed) L3 Cache 3 MB (On-Die, ECC, Full-Speed) Motherboard Properties: Motherboard ID Motherboard Name Acer Aspire 4752 Chipset Properties: Motherboard Chipset Intel Cougar Point HM65, Intel Sandy Bridge Memory Timings 9-9-9-24 (CL-RCD-RP-RAS) Command Rate (CR) 1T DIMM1: SK Hynix HMT325S6BFR8C-H9 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) DIMM3: Kingston 9905469-032.A00LF 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) BIOS Properties: System BIOS Date 10/21/2011 Video BIOS Date 03/07/11 DMI BIOS Version V2.13 Graphics Processor Properties: Video Adapter Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) GPU Code Name Sandy Bridge-MB GT2 (Integrated 8086 / 0126, Rev 09) GPU Clock 650 MHz --------[ Power Management ]-------------------------------------------------------------------------------------------- Power Management Properties: Current Power Source AC Line Battery Status 100 % (High Level) Full Battery Lifetime Unknown Remaining Battery Lifetime Unknown Battery Properties: Device Name AS10D51 Manufacturer Panasonic Serial Number 3872 Unique ID 3872PanasonicAS10D51 Battery Type Rechargeable Li-Ion Designed Capacity 47520 mWh Fully Charged Capacity 33912 mWh Current Capacity 33912 mWh (100 %) Battery Voltage 12.386 V Wear Level 28 % Power State AC Line --------[ Portable Computer ]------------------------------------------------------------------------------------------- Centrino (Carmel) Platform Compliancy: CPU: Intel Pentium M (Banias/Dothan) No (Mobile Intel Core i5-2450M) Chipset: Intel i855GM/PM No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel PRO/Wireless No System: Centrino Compliant No Centrino (Sonoma) Platform Compliancy: CPU: Intel Pentium M (Dothan) No (Mobile Intel Core i5-2450M) Chipset: Intel i915GM/PM No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel PRO/Wireless 2200/2915 No System: Centrino Compliant No Centrino (Napa) Platform Compliancy: CPU: Intel Core (Yonah) / Core 2 (Merom) No (Mobile Intel Core i5-2450M) Chipset: Intel i945GM/PM No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel PRO/Wireless 3945/3965 No System: Centrino Compliant No Centrino (Santa Rosa) Platform Compliancy: CPU: Intel Core 2 (Merom/Penryn) No (Mobile Intel Core i5-2450M) Chipset: Intel GM965/PM965 No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel Wireless WiFi Link 4965 No System: Centrino Compliant No Centrino 2 (Montevina) Platform Compliancy: CPU: Intel Core 2 (Penryn) No (Mobile Intel Core i5-2450M) Chipset: Mobile Intel 4 Series No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel WiFi Link 5000 Series No System: Centrino 2 Compliant No Centrino (Calpella) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield) No (Mobile Intel Core i5-2450M) Chipset: Mobile Intel 5 Series No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Huron River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB) Yes (Mobile Intel Core i5-2450M) Chipset: Mobile Intel 6 Series Yes (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Chief River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB) No (Mobile Intel Core i5-2450M) Chipset: Mobile Intel 7 Series No (Intel Cougar Point HM65, Intel Sandy Bridge) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No --------[ Sensor ]------------------------------------------------------------------------------------------------------ Sensor Properties: Sensor Type CPU, HDD, ACPI, PCH, SNB GPU Sensor Type Driver (NV-DRV) Temperatures: CPU 51 °C (124 °F) CPU Package 53 °C (127 °F) CPU IA Cores 53 °C (127 °F) CPU GT Cores 53 °C (127 °F) CPU #1 / Core #1 52 °C (126 °F) CPU #1 / Core #2 49 °C (120 °F) PCH Diode 53 °C (127 °F) GPU 39 °C (102 °F) Hitachi HTS545050A7E380 36 °C (97 °F) Voltage Values: CPU Core 1.171 V Battery 12.386 V GPU Core 0.830 V Power Values: CPU Package 5.72 W CPU IA Cores 2.79 W CPU GT Cores 0.13 W Battery Charge Rate AC Line --------[ CPU ]--------------------------------------------------------------------------------------------------------- CPU Properties: CPU Type Mobile DualCore Intel Core i5-2450M, 2600 MHz (26 x 100) CPU Alias Sandy Bridge-MB CPU Stepping D2 Instruction Set x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, AVX Original Clock 2500 MHz Min / Max CPU Multiplier 8x / 25x Engineering Sample No L1 Code Cache 32 KB per core L1 Data Cache 32 KB per core L2 Cache 256 KB per core (On-Die, ECC, Full-Speed) L3 Cache 3 MB (On-Die, ECC, Full-Speed) CPU Physical Info: Package Type 988 Pin rPGA Package Size 37.5 mm x 37.5 mm Transistors 624 million Process Technology 32 nm, CMOS, Cu, High-K + Metal Gate Die Size 149 mm2 CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel Core i5-2450M Driver Update http://www.aida64.com/driver-updates Multi CPU: CPU #1 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz CPU #2 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz CPU #3 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz CPU #4 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz CPU Utilization: CPU #1 / Core #1 / HTT Unit #1 0 % CPU #1 / Core #1 / HTT Unit #2 0 % CPU #1 / Core #2 / HTT Unit #1 0 % CPU #1 / Core #2 / HTT Unit #2 0 % --------[ CPUID ]------------------------------------------------------------------------------------------------------- CPUID Properties: CPUID Manufacturer GenuineIntel CPUID CPU Name Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPUID Revision 000206A7h IA Brand ID 00h (Unknown) Platform ID 28h / MC 10h (rPGA988B) Microcode Update Revision 23 HTT / CMP Units 2 / 2 Tjmax Temperature 100 °C (212 °F) Max Turbo Boost Multipliers 1C: 31x, 2C: 29x, 3C: 29x, 4C: 29x Instruction Set: 64-bit x86 Extension (AMD64, Intel64) Supported AMD 3DNow! Not Supported AMD 3DNow! Professional Not Supported AMD 3DNowPrefetch Not Supported AMD Enhanced 3DNow! Not Supported AMD Extended MMX Not Supported AMD FMA4 Not Supported AMD MisAligned SSE Not Supported AMD SSE4A Not Supported AMD XOP Not Supported Cyrix Extended MMX Not Supported Enhanced REP MOVSB/STOSB Not Supported Float-16 Conversion Instructions Not Supported IA-64 Not Supported IA BMI1 Not Supported IA BMI2 Not Supported IA MMX Supported IA SSE Supported IA SSE2 Supported IA SSE3 Supported IA Supplemental SSE3 Supported IA SSE4.1 Supported IA SSE4.2 Supported IA AVX Supported, Enabled IA AVX2 Not Supported IA FMA Not Supported IA AES Extensions Supported VIA Alternate Instruction Set Not Supported CLFLUSH Instruction Supported CMPXCHG8B Instruction Supported CMPXCHG16B Instruction Supported Conditional Move Instruction Supported INVPCID Instruction Not Supported LZCNT Instruction Not Supported MONITOR / MWAIT Instruction Supported MOVBE Instruction Not Supported PCLMULQDQ Instruction Supported POPCNT Instruction Supported RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE InstructionNot Supported RDRAND Instruction Not Supported RDTSCP Instruction Supported SKINIT / STGI Instruction Not Supported SYSCALL / SYSRET Instruction Not Supported SYSENTER / SYSEXIT Instruction Supported Trailing Bit Manipulation Instructions Not Supported VIA FEMMS Instruction Not Supported Security Features: Advanced Cryptography Engine (ACE) Not Supported Advanced Cryptography Engine 2 (ACE2) Not Supported Data Execution Prevention (DEP, NX, EDB) Supported Hardware Random Number Generator (RNG) Not Supported Hardware Random Number Generator 2 (RNG2) Not Supported PadLock Hash Engine (PHE) Not Supported PadLock Hash Engine 2 (PHE2) Not Supported PadLock Montgomery Multiplier (PMM) Not Supported PadLock Montgomery Multiplier 2 (PMM2) Not Supported Processor Serial Number (PSN) Not Supported Power Management Features: Application Power Management (APM) Not Supported Automatic Clock Control Supported Core C6 State (CC6) Not Supported Digital Thermometer Supported Dynamic FSB Frequency Switching Not Supported Enhanced Halt State (C1E) Supported, Enabled Enhanced SpeedStep Technology (EIST, ESS) Supported, Enabled Frequency ID Control Not Supported Hardware P-State Control Not Supported LongRun Not Supported LongRun Table Interface Not Supported Overstress Not Supported Package C6 State (PC6) Not Supported Parallax Not Supported PowerSaver 1.0 Not Supported PowerSaver 2.0 Not Supported PowerSaver 3.0 Not Supported Processor Duty Cycle Control Supported Software Thermal Control Not Supported Temperature Sensing Diode Not Supported Thermal Monitor 1 Supported Thermal Monitor 2 Supported Thermal Monitor 3 Not Supported Thermal Monitoring Not Supported Thermal Trip Not Supported Voltage ID Control Not Supported CPUID Features: 1 GB Page Size Not Supported 36-bit Page Size Extension Supported Address Region Registers (ARR) Not Supported Core Performance Boost (CPB) Not Supported CPL Qualified Debug Store Supported Debug Trace Store Supported Debugging Extension Supported Direct Cache Access Not Supported Dynamic Acceleration Technology (IDA) Not Supported Fast Save & Restore Supported Hardware Lock Elision Not Supported Hyper-Threading Technology (HTT) Supported, Enabled Hypervisor Not Present Instruction Based Sampling Not Supported Invariant Time Stamp Counter Supported L1 Context ID Not Supported Lightweight Profiling Not Supported Local APIC On Chip Supported Machine Check Architecture (MCA) Supported Machine Check Exception (MCE) Supported Memory Configuration Registers (MCR) Not Supported Memory Type Range Registers (MTRR) Supported Model Specific Registers (MSR) Supported Nested Paging Not Supported Page Attribute Table (PAT) Supported Page Global Extension Supported Page Size Extension (PSE) Supported Pending Break Event Supported Physical Address Extension (PAE) Supported Restricted Transactional Memory Not Supported Safer Mode Extensions (SMX) Not Supported Secure Virtual Machine Extensions (Pacifica) Not Supported Self-Snoop Supported Supervisor Mode Execution Protection (SMEP) Not Supported Time Stamp Counter (TSC) Supported Turbo Boost Supported, Disabled Virtual Machine Extensions (Vanderpool) Supported Virtual Mode Extension Supported Watchdog Timer Not Supported x2APIC Supported XGETBV / XSETBV OS Enabled Supported XSAVE / XRSTOR / XSETBV / XGETBV Extended States Supported CPUID Registers (CPU #1): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 CPUID 00000001 000206A7-00100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 CPUID 00000004 1C004122-01C0003F-0000003F-00000000 CPUID 00000004 1C004143-01C0003F-000001FF-00000000 CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000000 CPUID 0000000B 00000004-00000004-00000201-00000000 CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 CPUID 0000000D 00000100-00000240-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 CPUID 80000003 65726F43-294D5428-2D356920-30353432 CPUID 80000004 5043204D-20402055-30352E32-007A4847 CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #2 Virtual): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 CPUID 00000001 000206A7-01100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 CPUID 00000004 1C004122-01C0003F-0000003F-00000000 CPUID 00000004 1C004143-01C0003F-000001FF-00000000 CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000001 CPUID 0000000B 00000004-00000004-00000201-00000001 CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 CPUID 0000000D 00000100-00000240-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 CPUID 80000003 65726F43-294D5428-2D356920-30353432 CPUID 80000004 5043204D-20402055-30352E32-007A4847 CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #3): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 CPUID 00000001 000206A7-02100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 CPUID 00000004 1C004122-01C0003F-0000003F-00000000 CPUID 00000004 1C004143-01C0003F-000001FF-00000000 CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000002 CPUID 0000000B 00000004-00000004-00000201-00000002 CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 CPUID 0000000D 00000100-00000240-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 CPUID 80000003 65726F43-294D5428-2D356920-30353432 CPUID 80000004 5043204D-20402055-30352E32-007A4847 CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #4 Virtual): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 CPUID 00000001 000206A7-03100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 CPUID 00000004 1C004122-01C0003F-0000003F-00000000 CPUID 00000004 1C004143-01C0003F-000001FF-00000000 CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000003 CPUID 0000000B 00000004-00000004-00000201-00000003 CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 CPUID 0000000D 00000100-00000240-00000000-00000000 CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 CPUID 80000003 65726F43-294D5428-2D356920-30353432 CPUID 80000004 5043204D-20402055-30352E32-007A4847 CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 MSR Registers: MSR 00000017 0010-0000-0000-0000 [PlatID = 4] MSR 0000001B 0000-0000-FEE0-0900 MSR 00000035 0000-0000-0002-0004 MSR 0000008B 0000-0023-0000-0000 MSR 000000CE 0000-0800-6001-1900 MSR 000000E7 0000-0000-0270-CB9C MSR 000000E8 0000-0000-00C8-04FD MSR 00000194 0000-0000-0001-0000 MSR 00000198 0000-1856-0000-0800 MSR 00000199 0000-0000-0000-0800 MSR 0000019A 0000-0000-0000-0000 MSR 0000019B 0000-0000-0000-0010 MSR 0000019C 0000-0000-8837-0000 MSR 0000019D 0000-0000-0000-0000 MSR 000001A0 0000-0040-0085-0088 MSR 000001A2 0000-0000-0064-0E00 MSR 000001A4 0000-0000-0000-0000 MSR 000001AA 0000-0000-0040-0000 MSR 000001AD 0000-0000-1D1D-1D1F MSR 000001B0 0000-0000-0000-0005 MSR 000001B1 0000-0000-8830-0000 MSR 000001B2 0000-0000-0000-0000 MSR 000001FC 0000-0000-0004-005F MSR 00000606 0000-0000-000A-1003 MSR 0000060A 0000-0000-0000-8850 MSR 0000060B 0000-0000-0000-8868 MSR 0000060C 0000-0000-0000-886D MSR 0000060D 0000-0008-60F1-70AD MSR 00000610 8000-815E-00DC-8118 MSR 00000611 0000-0000-0CA9-B360 MSR 00000614 0010-01C0-00C0-0118 MSR 00000638 0000-0000-0000-0000 MSR 00000639 0000-0000-040A-031F MSR 0000063A 0000-0000-0000-0000 MSR 00000640 0000-0000-0000-0000 MSR 00000641 0000-0000-005A-9DD4 MSR 00000642 0000-0000-0000-0018 --------[ Motherboard ]------------------------------------------------------------------------------------------------- Motherboard Properties: Motherboard ID Motherboard Name Acer Aspire 4752 Front Side Bus Properties: Bus Type BCLK Real Clock 100 MHz Effective Clock 100 MHz Memory Bus Properties: Bus Type Dual DDR3 SDRAM Bus Width 128-bit DRAM:FSB Ratio 20:3 Real Clock 667 MHz (DDR) Effective Clock 1333 MHz Bandwidth 21333 MB/s Chipset Bus Properties: Bus Type Intel Direct Media Interface v2.0 Motherboard Manufacturer: Company Name Acer Inc. Product Information http://us.acer.com/ac/en/US/content/group/desktops BIOS Download http://us.acer.com/ac/en/US/content/drivers Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates --------[ Memory ]------------------------------------------------------------------------------------------------------ Physical Memory: Total 3907 MB Used 1279 MB Free 2628 MB Utilization 33 % Swap Space: Total 7813 MB Used 1479 MB Free 6334 MB Utilization 19 % Virtual Memory: Total 11720 MB Used 2758 MB Free 8962 MB Utilization 24 % Paging File: Paging File C:\pagefile.sys Current Size 3907 MB Current / Peak Usage 0 MB / 0 MB Utilization 0 % Physical Address Extension (PAE): Supported by Operating System Yes Supported by CPU Yes Active Yes --------[ SPD ]--------------------------------------------------------------------------------------------------------- [ DIMM1: SK Hynix HMT325S6BFR8C-H9 ] Memory Module Properties: Module Name SK Hynix HMT325S6BFR8C-H9 Serial Number 13C115C6h (3323314451) Manufacture Date Week 34 / 2011 Module Size 2 GB (1 rank, 8 banks) Module Type SO-DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None DRAM Manufacturer SK Hynix Memory Timings: @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 380 MHz 5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW) Memory Module Features: Auto Self Refresh Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported [ DIMM3: Kingston 9905469-032.A00LF ] Memory Module Properties: Module Name Kingston 9905469-032.A00LF Serial Number 8236DCBDh (3185325698) Manufacture Date Week 43 / 2011 Module Size 2 GB (1 rank, 8 banks) Module Type SO-DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Memory Timings: @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 380 MHz 5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW) Memory Module Features: Auto Self Refresh Not Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported Memory Module Manufacturer: Company Name Kingston Technology Corporation Product Information http://www.kingston.com/products/default.asp --------[ Chipset ]----------------------------------------------------------------------------------------------------- [ North Bridge: Intel Sandy Bridge-MB IMC ] North Bridge Properties: North Bridge Intel Sandy Bridge-MB IMC Intel Platform Huron River Supported Memory Types DDR3-1066, DDR3-1333 SDRAM Maximum Memory Amount 16 GB Revision 09 Process Technology 32 nm Memory Controller: Type Dual Channel (128-bit) Active Mode Dual Channel (128-bit) Memory Timings: CAS Latency (CL) 9T RAS To CAS Delay (tRCD) 9T RAS Precharge (tRP) 9T RAS Active Time (tRAS) 24T Row Refresh Cycle Time (tRFC) 107T Command Rate (CR) 1T RAS To RAS Delay (tRRD) 4T Write Recovery Time (tWR) 10T Write To Read Delay (tWTR) 5T Read To Precharge Delay (tRTP) 5T Four Activate Window Delay (tFAW) 20T Write CAS Latency (tWCL) 7T Error Correction: ECC Not Supported ChipKill ECC Not Supported RAID Not Supported ECC Scrubbing Not Supported Memory Slots: DRAM Slot #1 2 GB (DDR3-1333 DDR3 SDRAM) DRAM Slot #2 2 GB (DDR3-1333 DDR3 SDRAM) Integrated Graphics Controller: Graphics Controller Type Intel HD Graphics 3000 Graphics Controller Status Enabled Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ South Bridge: Intel Cougar Point HM65 ] South Bridge Properties: South Bridge Intel Cougar Point HM65 Intel Platform Huron River Revision / Stepping 05 / B3 Package Type 989 Pin FCBGA Package Size 25 mm x 25 mm Process Technology 65 nm Core Voltage 1.05 V TDP 3.9 W High Definition Audio: Codec Name Realtek ALC269 Codec ID 10EC0269h / 10250506h Codec Revision 1001h Codec Type Audio High Definition Audio: Codec Name Intel Cougar Point HDMI Codec ID 80862805h / 80860101h Codec Revision 1000h Codec Type Audio PCI Express Controller: PCI-E 2.0 x1 port #1 Empty PCI-E 2.0 x1 port #2 In Use @ x1 (Atheros AR9287 Wireless Network Adapter) PCI-E 2.0 x1 port #4 In Use @ x1 (Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller, Broadcom SD Card Reader) PCI-E 2.0 x1 port #5 In Use @ x1 (NEC uPD720200 USB 3.0 Host Controller) Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates --------[ BIOS ]-------------------------------------------------------------------------------------------------------- BIOS Properties: BIOS Type Phoenix EFI BIOS Version V2.13 System BIOS Date 10/21/2011 Video BIOS Date 03/07/11 BIOS Manufacturer: Company Name Phoenix Technologies Ltd. Product Information http://www.phoenix.com/pages/products BIOS Upgrades http://www.aida64.com/bios-updates --------[ ACPI ]-------------------------------------------------------------------------------------------------------- [ Unknown ] ACPI Table Properties: Table Description Unknown Memory Address C2B6E018h Table Length 0 bytes OEM Revision 00000000h Creator Revision 00000000h [ APIC: Multiple APIC Description Table ] ACPI Table Properties: ACPI Signature APIC Table Description Multiple APIC Description Table Memory Address C6FEA000h Table Length 152 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h Local APIC Address FEE00000h Processor Local APIC: ACPI Processor ID 01h APIC ID 00h Status Enabled Processor Local APIC: ACPI Processor ID 02h APIC ID 01h Status Enabled Processor Local APIC: ACPI Processor ID 03h APIC ID 02h Status Enabled Processor Local APIC: ACPI Processor ID 04h APIC ID 03h Status Enabled Processor Local APIC: ACPI Processor ID 05h APIC ID 00h Status Disabled Processor Local APIC: ACPI Processor ID 06h APIC ID 00h Status Disabled Processor Local APIC: ACPI Processor ID 07h APIC ID 00h Status Disabled Processor Local APIC: ACPI Processor ID 08h APIC ID 00h Status Disabled I/O APIC: I/O APIC ID 02h I/O APIC Address FEC00000h Global System Interrupt Base 00000000h Interrupt Source Override: Bus ISA Source IRQ0 Global System Interrupt 00000002h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Interrupt Source Override: Bus ISA Source IRQ9 Global System Interrupt 00000009h Polarity Active High Trigger Mode Level-Triggered Local APIC NMI: ACPI Processor ID 00h Local ACPI LINT# 01h Polarity Active High Trigger Mode Edge-Triggered Local APIC NMI: ACPI Processor ID 01h Local ACPI LINT# 01h Polarity Active High Trigger Mode Edge-Triggered [ ASF!: Alert Standard Format Table ] ACPI Table Properties: ACPI Signature ASF! Table Description Alert Standard Format Table Memory Address C6FEE000h Table Length 165 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h ASF_INFO: Min Watchdog Reset Value 255 sec Min ASF Sensor Interpoll Wait Time 1275 msec System ID 0001h IANA Manufacturer ID 00-00-01-57h ASF_ALRT: Numer of Alerts 3 Array Element Length 12 ASF_RCTL: Numer of Controls 4 Array Element Length 4 ASF_RMCP: Remote Control Capabilities 00-F8-00-00-00-13-F0h RMCP Boot Options Completion Code 00h (Successful) RMCP IANA Enterprise ID 00-00-00-00h RMCP Special Command 00h RMCP Special Command Parameter 0000h RMCP Boot Options 0000h RMCP OEM Parameters 0000h [ DSDT: Differentiated System Description Table ] ACPI Table Properties: ACPI Signature DSDT Table Description Differentiated System Description Table Memory Address 00000000-C6FEF000h Table Length 49408 bytes OEM ID ACRSYS OEM Table ID SNB-CPT OEM Revision 00000000h Creator ID INTL Creator Revision 20061109h nVIDIA SLI: SLI Certification Not Present PCI 0-0-0-0 (Direct I/O) 8086-0104 (Intel) PCI 0-0-0-0 (HAL) 8086-0104 (Intel) Lucid Virtu: Virtu Certification Not Present [ FACP: Fixed ACPI Description Table ] ACPI Table Properties: ACPI Signature FACP Table Description Fixed ACPI Description Table Memory Address C6FEC000h Table Length 244 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h FACS Address C6F2D000h / 00000000-C6F2D000h DSDT Address C6FEF000h / 00000000-C6FEF000h SMI Command Port 000000B2h PM Timer 00000408h [ FACS: Firmware ACPI Control Structure ] ACPI Table Properties: ACPI Signature FACS Table Description Firmware ACPI Control Structure Memory Address 00000000-C6F2D000h Table Length 64 bytes Hardware Signature 0000A200h Waking Vector 00000000h Global Lock 00000000h [ HPET: IA-PC High Precision Event Timer Table ] ACPI Table Properties: ACPI Signature HPET Table Description IA-PC High Precision Event Timer Table Memory Address C6FEB000h Table Length 56 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h HPET Address 00000000-FED00000h Vendor ID 8086h Revision ID 01h Number of Timers 4 Counter Size 64-bit Minimum Clock Ticks 128 Page Protection No Guarantee OEM Attribute 0h LegacyReplacement IRQ Routing Supported [ MCFG: Memory Mapped Configuration Space Base Address Description Table ] ACPI Table Properties: ACPI Signature MCFG Table Description Memory Mapped Configuration Space Base Address Description Table Memory Address C6FE9000h Table Length 60 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h Config Space Address 00000000-F8000000h PCI Segment 0000h Start Bus Number 00h End Bus Number 3Fh [ POAT: Unknown ] ACPI Table Properties: ACPI Signature POAT Table Description Unknown Memory Address C6FE3000h Table Length 85 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h [ RSD PTR: Root System Description Pointer ] ACPI Table Properties: ACPI Signature RSD PTR Table Description Root System Description Pointer Memory Address 000F00E0h Table Length 36 bytes OEM ID ACRSYS RSDP Revision 2 (ACPI 2.0+) RSDT Address C6FFE0ACh XSDT Address 00000000-C6FFE120h [ RSDT: Root System Description Table ] ACPI Table Properties: ACPI Signature RSDT Table Description Root System Description Table Memory Address C6FFE0ACh Table Length 92 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID ANNI Creator Revision 00000001h RSDT Entry #0 C6FEC000h (FACP) RSDT Entry #1 C6FFD000h (SLIC) RSDT Entry #2 C6FFC000h (SSDT) RSDT Entry #3 C6FEE000h (ASF!) RSDT Entry #4 C6FEB000h (HPET) RSDT Entry #5 C6FEA000h (APIC) RSDT Entry #6 C6FE9000h (MCFG) RSDT Entry #7 C6FE7000h (SSDT) RSDT Entry #8 C6FE6000h (SSDT) RSDT Entry #9 C6FE5000h (SSDT) RSDT Entry #10 C6FE4000h (UEFI) RSDT Entry #11 C6FE3000h (POAT) RSDT Entry #12 C6FE2000h (UEFI) RSDT Entry #13 C6FE1000h (UEFI) [ SLIC: Software Licensing Description Table ] ACPI Table Properties: ACPI Signature SLIC Table Description Software Licensing Description Table Memory Address C6FFD000h Table Length 374 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID ANNI Creator Revision 00000001h SLIC Version v2.1 OEM Public Key: Key Type 06h Version 02h Algorithm 00002400h Magic RSA1 Bit Length 1024 Exponent 65537 SLIC Marker: Version 00020001h OEM ID ACRSYS OEM Table ID ACRPRDCT Windows Flag WINDOWS [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6E8DD98h Table Length 281 bytes OEM ID PmRef OEM Table ID ApCst OEM Revision 00003000h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6E8E798h Table Length 1831 bytes OEM ID PmRef OEM Table ID Cpu0Cst OEM Revision 00003001h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6E8FA98h Table Length 771 bytes OEM ID PmRef OEM Table ID ApIst OEM Revision 00003000h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6FE5000h Table Length 2454 bytes OEM ID PmRef OEM Table ID CpuPm OEM Revision 00003000h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6FE6000h Table Length 2052 bytes OEM ID PmRef OEM Table ID Cpu0Ist OEM Revision 00003000h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6FE7000h Table Length 5467 bytes OEM ID NvORef OEM Table ID NvOptTbl OEM Revision 00001000h Creator ID INTL Creator Revision 20061109h [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address C6FFC000h Table Length 505 bytes OEM ID ACRSYS OEM Table ID PtidDevc OEM Revision 00001000h Creator ID INTL Creator Revision 20061109h [ UEFI: UEFI ACPI Boot Optimization Table ] ACPI Table Properties: ACPI Signature UEFI Table Description UEFI ACPI Boot Optimization Table Memory Address C6FE1000h Table Length 578 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h [ UEFI: UEFI ACPI Boot Optimization Table ] ACPI Table Properties: ACPI Signature UEFI Table Description UEFI ACPI Boot Optimization Table Memory Address C6FE2000h Table Length 62 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h [ UEFI: UEFI ACPI Boot Optimization Table ] ACPI Table Properties: ACPI Signature UEFI Table Description UEFI ACPI Boot Optimization Table Memory Address C6FE4000h Table Length 66 bytes OEM ID PTL OEM Table ID COMBUF OEM Revision 00000001h Creator ID PTL Creator Revision 00000001h [ XSDT: Extended System Description Table ] ACPI Table Properties: ACPI Signature XSDT Table Description Extended System Description Table Memory Address 00000000-C6FFE120h Table Length 148 bytes OEM ID ACRSYS OEM Table ID ACRPRDCT OEM Revision 00000001h Creator ID ANNI Creator Revision 00000001h XSDT Entry #0 00000000-C6FEC000h (FACP) XSDT Entry #1 00000000-C6FFD000h (SLIC) XSDT Entry #2 00000000-C6FFC000h (SSDT) XSDT Entry #3 00000000-C6FEE000h (ASF!) XSDT Entry #4 00000000-C6FEB000h (HPET) XSDT Entry #5 00000000-C6FEA000h (APIC) XSDT Entry #6 00000000-C6FE9000h (MCFG) XSDT Entry #7 00000000-C6FE7000h (SSDT) XSDT Entry #8 00000000-C6FE6000h (SSDT) XSDT Entry #9 00000000-C6FE5000h (SSDT) XSDT Entry #10 00000000-C6FE4000h (UEFI) XSDT Entry #11 00000000-C6FE3000h (POAT) XSDT Entry #12 00000000-C6FE2000h (UEFI) XSDT Entry #13 00000000-C6FE1000h (UEFI) --------[ Operating System ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Home Premium OS Language English (United States) OS Installer Language English (United States) OS Kernel Type Multiprocessor Free (64-bit) OS Version 6.1.7601 (Win7 RTM) OS Service Pack Service Pack 1 OS Installation Date 25/11/2012 OS Root C:\Windows License Information: Registered Owner user Registered Organization Product ID 00359-OEM-8992687-00006 Product Key VQB3X-Q3KP8-WJ2H8-R6B6D-7QJB7 Product Activation (WPA) Not Required Current Session: Computer Name USER-PC User Name user Logon Domain user-PC UpTime 765 sec (0 days, 0 hours, 12 min, 45 sec) Components Version: Common Controls 6.16 Windows Mail 6.1.7600.16385 (win7_rtm.090713-1255) Windows Media Player 12.0.7600.16385 (win7_rtm.090713-1255) Windows Messenger - Windows Live Messenger 15.4.3538.0513 Internet Information Services (IIS) - .NET Framework 3.5.30729.4926 built by: NetFXw7 Novell Client - DirectX DirectX 11.0 OpenGL 6.1.7600.16385 (win7_rtm.090713-1255) ASPI - Operating System Features: Debug Version No DBCS Version No Domain Controller No Security Present No Network Present Yes Remote Session No Safe Mode No Slow Processor No Terminal Services Yes --------[ Processes ]--------------------------------------------------------------------------------------------------- ACDSeePro6InTouch2.exe C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe 32-bit 7876 KB 2 KB AdminService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 64-bit 6980 KB 2 KB aida64.exe C:\Program Files (x86)\AIDA64 Extreme Edition v2.60.2100\aida64.exe 32-bit 40664 KB 33 KB armsvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 32-bit 4040 KB 1 KB AthBtTray.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 64-bit 15048 KB 5 KB BackupManagerTray.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe 32-bit 11484 KB 3 KB BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe 64-bit 14180 KB 10 KB clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe 32-bit 712 KB 1 KB clear.fiMovieService.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe 32-bit 8716 KB 4 KB CLHNServiceForPowerDVD.exe C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 32-bit 4256 KB 1 KB CLMSMonitorService.exe C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe 32-bit 3628 KB 1 KB CLMSServer.exe C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe 32-bit 7744 KB 3 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 4632 KB 2 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 24940 KB 3 KB daemonu.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 32-bit 6252 KB 2 KB DMREngine.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe 32-bit 1400 KB 5 KB Dock64.exe C:\Program Files (x86)\Stardock\ObjectDock Plus\Dock64.exe 64-bit 5996 KB 2 KB dsiwmis.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe 32-bit 4712 KB 2 KB dwm.exe C:\Windows\system32\Dwm.exe 64-bit 69592 KB 102 KB EgisUpdate.exe C:\Program Files\EgisTec IPS\EgisUpdate.exe 64-bit 7948 KB 4 KB ePowerEvent.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe 64-bit 5640 KB 2 KB ePowerSvc.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 64-bit 7612 KB 3 KB ePowerTray.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 64-bit 12560 KB 6 KB explorer.exe C:\Windows\Explorer.EXE 64-bit 43912 KB 25 KB GREGsvc.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 32-bit 4452 KB 1 KB hkcmd.exe C:\Windows\System32\hkcmd.exe 64-bit 7940 KB 3 KB igfxext.exe C:\Windows\system32\igfxext.exe 64-bit 7104 KB 2 KB igfxpers.exe C:\Windows\System32\igfxpers.exe 64-bit 10896 KB 4 KB igfxsrvc.exe C:\Windows\system32\igfxsrvc.exe 64-bit 8192 KB 3 KB igfxtray.exe C:\Windows\System32\igfxtray.exe 64-bit 13972 KB 5 KB IScheduleSvc.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 32-bit 10696 KB 5 KB jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 32-bit 4796 KB 1 KB LManager.exe C:\Program Files (x86)\Launch Manager\LManager.exe 32-bit 14536 KB 11 KB LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 32-bit 4864 KB 2 KB LMutilps32.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe 32-bit 6052 KB 1 KB LMworker.exe C:\Program Files (x86)\Launch Manager\LMworker.exe 32-bit 5092 KB 5 KB lsass.exe C:\Windows\system32\lsass.exe 64-bit 11472 KB 4 KB lsm.exe C:\Windows\system32\lsm.exe 64-bit 4500 KB 2 KB mmc.exe C:\Windows\system32\mmc.exe 64-bit 10832 KB 48 KB MMDx64Fx.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe 64-bit 6968 KB 3 KB NBService.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 32-bit 8616 KB 3 KB nusb3mon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 32-bit 5940 KB 2 KB nvtray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 64-bit 9936 KB 4 KB nvvsvc.exe C:\Windows\system32\nvvsvc.exe 64-bit 23184 KB 14 KB nvvsvc.exe C:\Windows\system32\nvvsvc.exe 64-bit 8240 KB 3 KB nvxdsync.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 64-bit 18052 KB 7 KB ObjectDock.exe C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe 32-bit 18560 KB 15 KB ObjectDockTray.exe C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDockTray.exe 64-bit 26428 KB 28 KB pcee4.exe C:\Dolby PCEE4\pcee4.exe 64-bit 36816 KB 39 KB PDVD11Serv.exe C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe 32-bit 8964 KB 3 KB PmmUpdate.exe C:\Program Files\EgisTec IPS\PMMUpdate.exe 64-bit 5448 KB 2 KB PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 64-bit 24652 KB 30 KB RAVBg64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 64-bit 11444 KB 15 KB RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 64-bit 12876 KB 10 KB realsched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe 32-bit 408 KB 2 KB SearchIndexer.exe C:\Windows\system32\SearchIndexer.exe 64-bit 12872 KB 18 KB services.exe C:\Windows\system32\services.exe 64-bit 10788 KB 6 KB sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe 64-bit 33684 KB 15 KB smss.exe 64-bit 1212 KB 0 KB splwow64.exe C:\Windows\splwow64.exe 64-bit 5340 KB 2 KB spoolsv.exe C:\Windows\System32\spoolsv.exe 64-bit 12488 KB 7 KB sppsvc.exe C:\Windows\system32\sppsvc.exe 64-bit 8436 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 6388 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 14912 KB 13 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 25336 KB 63 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 18956 KB 7 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 16368 KB 8 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 15968 KB 11 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 10032 KB 4 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 8860 KB 5 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 21052 KB 18 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 94 MB 87 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 32312 KB 19 KB SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 64-bit 14964 KB 9 KB SynTPHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 64-bit 5160 KB 2 KB System Idle Process 24 KB 0 KB System 64-bit 304 KB 0 KB taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 7984 KB 3 KB taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 7212 KB 2 KB taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 8984 KB 4 KB taskmgr.exe C:\Windows\system32\taskmgr.exe 64-bit 11828 KB 4 KB UNS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 32-bit 7436 KB 3 KB unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe 64-bit 7292 KB 2 KB UpdaterService.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe 32-bit 3980 KB 1 KB winampa.exe C:\Program Files (x86)\Winamp\winampa.exe 32-bit 4684 KB 1 KB wininit.exe C:\Windows\system32\wininit.exe 64-bit 4968 KB 1 KB winlogon.exe C:\Windows\system32\winlogon.exe 64-bit 7712 KB 3 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 64-bit 9052 KB 3 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 32-bit 7620 KB 3 KB WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe 64-bit 7416 KB 3 KB wmpnetwk.exe C:\Program Files\Windows Media Player\wmpnetwk.exe 64-bit 6508 KB 11 KB --------[ System Drivers ]---------------------------------------------------------------------------------------------- {329F96B6-DF1E-4328-BFDA-39EA953C1312} Power Control [2012/11/29 21:28:12] 000.fcl 1.4.0.4719 Kernel Driver Running 1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Stopped ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.17603 Kernel Driver Running agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x64 Kernel Driver Running aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Stopped amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running AppID AppID Driver appid.sys 6.1.7601.17514 Kernel Driver Stopped arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Stopped atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running AthBTPort Atheros Virtual Bluetooth Class btath_flt.sys 7.4.0.90 Kernel Driver Stopped athr Atheros Extensible Wireless LAN device driver athrx.sys 9.1.0.209 Kernel Driver Running b06bdrv Broadcom NetXtreme II VBD bxvbda.sys 4.8.2.0 Kernel Driver Stopped b57nd60a Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60a.sys 10.100.4.0 Kernel Driver Stopped b57xdbd Broadcom xD Picture Bus Driver Service b57xdbd.sys 1.0.0.43 Kernel Driver Running b57xdmp Broadcom xD Picture vstorp client drv b57xdmp.sys 1.0.0.43 Kernel Driver Running Beep Beep Kernel Driver Running blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running bowser Browser Support Driver bowser.sys 6.1.7601.17565 File System Driver Running BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped bScsiMSa bScsiMSa bScsiMSa.sys 1.0.0.221 Kernel Driver Running bScsiSDa bScsiSDa bScsiSDa.sys 1.0.0.218 Kernel Driver Running BTATH_A2DP Bluetooth A2DP Audio Driver btath_a2dp.sys 7.4.0.90 Kernel Driver Stopped btath_avdt Atheros Bluetooth AVDT Service btath_avdt.sys 7.4.0.90 Kernel Driver Stopped BTATH_BUS Atheros Bluetooth Bus btath_bus.sys 7.4.0.90 Kernel Driver Running BTATH_HCRP Bluetooth HCRP Server driver btath_hcrp.sys 7.4.0.90 Kernel Driver Stopped BTATH_LWFLT Bluetooth LWFLT Device btath_lwflt.sys 7.4.0.90 Kernel Driver Stopped BTATH_RCP Bluetooth AVRCP Device btath_rcp.sys 7.4.0.95 Kernel Driver Stopped BtFilter BtFilter btfilter.sys 7.4.0.95 Kernel Driver Stopped BthEnum Bluetooth Enumerator Service BthEnum.sys 6.1.7600.16385 Kernel Driver Stopped BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped BthPan Bluetooth Device (Personal Area Network) bthpan.sys 6.1.7600.16385 Kernel Driver Stopped BTHPORT Bluetooth Port Driver BTHport.sys 6.1.7601.17607 Kernel Driver Stopped BTHUSB Bluetooth Radio USB Driver BTHUSB.sys 6.1.7601.17607 Kernel Driver Stopped cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Running cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped CLFS Common Log (CLFS) CLFS.sys 6.1.7600.16385 Kernel Driver Running CmBatt Microsoft AC Adapter Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Running cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped CNG CNG cng.sys 6.1.7601.17514 Kernel Driver Running Compbatt Microsoft Composite Battery Driver compbatt.sys 6.1.7600.16385 Kernel Driver Running CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.17514 File System Driver Running discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running Disk Disk Driver disk.sys 6.1.7600.16385 Kernel Driver Running drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7600.16385 Kernel Driver Stopped DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.17514 Kernel Driver Running ebdrv Broadcom NetXtreme II 10 GigE VBD evbda.sys 4.8.13.0 Kernel Driver Stopped elxstor elxstor elxstor.sys 7.2.10.211 Kernel Driver Stopped ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped exfat exFAT File System Driver File System Driver Stopped fastfat FAT12/16/32 File System Driver File System Driver Stopped fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Stopped FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Stopped FltMgr FltMgr fltmgr.sys 6.1.7601.17514 File System Driver Running FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.17514 Kernel Driver Running gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Stopped HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Stopped HpSAMD HpSAMD HpSAMD.sys 6.12.6.64 Kernel Driver Stopped HTTP HTTP HTTP.sys 6.1.7601.17514 Kernel Driver Running hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Running iaStorV iaStorV iaStorV.sys 8.6.2.1014 Kernel Driver Stopped igfx igfx igdkmd64.sys 8.15.10.2345 Kernel Driver Running iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped IntcAzAudAddService Service for Realtek HD Audio (WDM) RTKVHD64.sys 6.0.1.6423 Kernel Driver Running IntcDAud Intel(R) Display Audio IntcDAud.sys 6.14.0.3074 Kernel Driver Running intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Running intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Running IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7601.17514 Kernel Driver Stopped IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.17514 Kernel Driver Stopped k57nd60a Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 k57nd60a.sys 14.4.0.4 Kernel Driver Running kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Stopped KSecDD KSecDD ksecdd.sys 6.1.7601.17514 Kernel Driver Running KSecPkg KSecPkg ksecpkg.sys 6.1.7601.17514 Kernel Driver Running ksthunk Kernel Streaming Thunks ksthunk.sys 6.1.7600.16385 Kernel Driver Running L1E NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) L1E62x64.sys 1.0.0.15 Kernel Driver Stopped lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped luafv UAC File Virtualization luafv.sys 6.1.7600.16385 File System Driver Running megasas megasas megasas.sys 4.5.1.64 Kernel Driver Stopped MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped MEIx64 Intel(R) Management Engine Interface HECIx64.sys 7.0.0.1144 Kernel Driver Running Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Stopped mountmgr Mount Point Manager mountmgr.sys 6.1.7601.17514 Kernel Driver Running mpio mpio mpio.sys 6.1.7601.17514 Kernel Driver Stopped mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Running MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.17514 File System Driver Stopped mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.17605 File System Driver Running mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.17647 File System Driver Running mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.17605 File System Driver Running msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Running msdsm msdsm msdsm.sys 6.1.7601.17514 Kernel Driver Stopped Msfs Msfs File System Driver Running mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped MsRPC MsRPC Kernel Driver Stopped mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped Mup Mup mup.sys 6.1.7600.16385 File System Driver Running mwlPSDFilter mwlPSDFilter mwlPSDFilter.sys 3.2.8.0 File System Driver Running mwlPSDNServ mwlPSDNServ mwlPSDNServ.sys 3.2.8.0 Kernel Driver Running mwlPSDVDisk mwlPSDVDisk mwlPSDVDisk.sys 3.2.8.0 Kernel Driver Running NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7600.16385 Kernel Driver Running NDIS NDIS System Driver ndis.sys 6.1.7601.17530 Kernel Driver Running NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Running NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running NDProxy NDIS Proxy Kernel Driver Running NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running NetBT NetBT netbt.sys 6.1.7601.17514 Kernel Driver Running nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped Npfs Npfs File System Driver Running nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7600.16385 Kernel Driver Running Ntfs Ntfs File System Driver Running NTIDrvr NTIDrvr NTIDrvr.sys 1.0.0.10 Kernel Driver Running ntk_PowerDVD ntk_PowerDVD ntk_PowerDVD_64.sys 1.1.0.6803 Kernel Driver Running Null Null Kernel Driver Running nusb3hub Renesas Electronics USB 3.0 Hub Driver nusb3hub.sys 2.0.32.0 Kernel Driver Running nusb3xhc Renesas Electronics USB 3.0 Host Controller Driver nusb3xhc.sys 2.0.32.0 Kernel Driver Running nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped nvlddmkm nvlddmkm nvlddmkm.sys 8.17.12.8590 Kernel Driver Running nvpciflt nvpciflt nvpciflt.sys 8.17.12.8590 Kernel Driver Running nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Stopped nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Stopped partmgr Partition Manager partmgr.sys 6.1.7601.17514 Kernel Driver Running pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running PEAUTH PEAUTH peauth.sys 6.1.7600.16385 Kernel Driver Running PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7601.17514 Kernel Driver Running Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped Psched QoS Packet Scheduler pacer.sys 6.1.7601.17514 Kernel Driver Running ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7601.17514 Kernel Driver Running RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.17514 File System Driver Running rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Stopped RDPCDD RDPCDD RDPCDD.sys 6.1.7600.16385 Kernel Driver Running RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running RDPWD RDP Winstation Driver Kernel Driver Stopped rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running RFCOMM Bluetooth Device (RFCOMM Protocol TDI) rfcomm.sys 6.1.7600.16385 Kernel Driver Stopped rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running sbp2port sbp2port sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Stopped sdbus sdbus sdbus.sys 6.1.7601.17514 Kernel Driver Stopped secdrv Security Driver Kernel Driver Running Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Stopped Serial Serial serial.sys 6.1.7600.16385 Kernel Driver Stopped sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped spldr Security Processor Loader Driver Kernel Driver Running srv Server SMB 1.xxx Driver srv.sys 6.1.7601.17608 File System Driver Running srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.17608 File System Driver Running srvnet srvnet srvnet.sys 6.1.7601.17608 File System Driver Running stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running SynTP Synaptics TouchPad Driver SynTP.sys 15.1.18.0 Kernel Driver Running Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.17638 Kernel Driver Running TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.17638 Kernel Driver Stopped tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.17514 Kernel Driver Running TDPIPE TDPIPE tdpipe.sys 6.1.7600.16385 Kernel Driver Stopped TDTCP TDTCP tdtcp.sys 6.1.7600.16385 Kernel Driver Stopped tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.17514 Kernel Driver Running TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.17514 Kernel Driver Stopped TsUsbFlt TsUsbFlt tsusbflt.sys 6.1.7601.17514 Kernel Driver Stopped TsUsbGD Remote Desktop Generic USB Device TsUsbGD.sys 6.1.7601.17514 Kernel Driver Stopped tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped UBHelper UBHelper UBHelper.sys 2.0.0.14 Kernel Driver Running udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.17586 Kernel Driver Running usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7600.16385 Kernel Driver Stopped usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.17586 Kernel Driver Running usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.17586 Kernel Driver Running usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7601.17586 Kernel Driver Stopped usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.17577 Kernel Driver Stopped usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7601.17586 Kernel Driver Stopped usbvideo USB Video Device (WDM) usbvideo.sys 6.1.7601.17514 Kernel Driver Running vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7601.17514 Kernel Driver Running volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Running vwififlt Virtual WiFi Filter Driver vwififlt.sys 6.1.7600.16385 Kernel Driver Running WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.9.7600.16385 Kernel Driver Running WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Running ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.1.7601.17514 Kernel Driver Running WUDFRd WUDFRd WUDFRd.sys 6.1.7601.17514 Kernel Driver Stopped --------[ Services ]---------------------------------------------------------------------------------------------------- AdobeARMservice Adobe Acrobat Update Service armsvc.exe 1.7.0.0 Own Process Running LocalSystem AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AtherosSvc AtherosSvc adminservice.exe 7.4.0.96 Own Process Running LocalSystem AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AudioSrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem CLHNServiceForPowerDVD CLHNServiceForPowerDVD CLHNServiceForPowerDVD.exe 1.0.0.3203 Own Process Running LocalSystem clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem clr_optimization_v2.0.50727_64 Microsoft .NET Framework NGEN v2.0.50727_X64 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService CyberLink PowerDVD 11.0 Monitor Service CyberLink PowerDVD 11.0 Monitor Service CLMSMonitorService.exe 2.0.0.8731 Own Process Running LocalSystem CyberLink PowerDVD 11.0 Service CyberLink PowerDVD 11.0 Service CLMSServer.exe 2.0.0.8731 Own Process Running LocalSystem DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService DsiWMIService Dritek WMI Service dsiwmis.exe 3.5.0.1821 Own Process Running LocalSystem EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Running localSystem EFS Encrypting File System (EFS) lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem EgisTec Ticket Service EgisTec Ticket Service EgisTicketService.exe 7.0.28.2 Own Process Stopped LocalSystem ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService ePowerSvc ePower Service ePowerSvc.exe 6.0.3008.0 Own Process Running LocalSystem eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FLEXnet Licensing Service FLEXnet Licensing Service FNPLicensingService.exe 11.6.0.0 Own Process Stopped LocalSystem FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.5011 Own Process Running NT Authority\LocalService GamesAppService GamesAppService GamesAppService.exe 4.0.4918.0 Own Process Stopped LocalSystem gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem GREGService GREGService GREGsvc.exe 1.0.0.3 Own Process Running LocalSystem hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService idsvc Windows CardSpace infocard.exe 3.0.4506.5420 Share Process Stopped LocalSystem IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Running LocalSystem IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem KeyIso CNG Key Isolation lsass.exe 6.1.7600.16385 Share Process Running LocalSystem KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService Live Updater Service Live Updater Service UpdaterService.exe 1.2.3500.0 Own Process Running LocalSystem lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService LMS Intel(R) Management and Security Application Local Management Service LMS.exe 7.1.10.1065 Own Process Running LocalSystem Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Microsoft Office Groove Audit Service Microsoft Office Groove Audit Service GrooveAuditService.exe 12.0.6413.1000 Own Process Stopped NT AUTHORITY\LocalService MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem MozillaMaintenance Mozilla Maintenance Service maintenanceservice.exe 16.0.2.4680 Own Process Stopped LocalSystem MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem msiserver Windows Installer msiexec.exe 5.0.7601.17514 Own Process Stopped LocalSystem napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Nero BackItUp Scheduler 4.0 Nero BackItUp Scheduler 4.0 NBService.exe 4.2.3.100 Own Process Running LocalSystem Netlogon Netlogon lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 3.0.4506.4926 Share Process Stopped NT AUTHORITY\LocalService NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService NTI IScheduleSvc NTI IScheduleSvc IScheduleSvc.exe 3.0.0.99 Own Process Running LocalSystem nvsvc NVIDIA Display Driver Service nvvsvc.exe 8.17.12.8590 Own Process Running LocalSystem nvUpdatusService NVIDIA Update Service Daemon daemonu.exe 1.5.21.0 Own Process Running .\UpdatusUser odserv Microsoft Office Diagnostics Service ODSERV.EXE 12.0.6413.1000 Own Process Stopped LocalSystem ose Office Source Engine OSE.EXE 12.0.4518.1014 Own Process Stopped LocalSystem p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PerfHost Performance Counter DLL Host perfhost.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProtectedStorage Protected Storage lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService SamSs Security Accounts Manager lsass.exe 6.1.7600.16385 Share Process Running LocalSystem SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Stopped localSystem seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService Spooler Print Spooler spoolsv.exe 6.1.7601.17514 Own Process Running LocalSystem sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Running NT AUTHORITY\NetworkService sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService stisvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Stopped NT Authority\LocalService swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService TBS TPM Base Services svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem UNS Intel(R) Management and Security Application User Notification Service UNS.exe 7.1.10.1065 Own Process Running LocalSystem upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem VaultSvc Credential Manager lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wlcrasvc Windows Live Mesh remote connections service wlcrasvc.exe 15.4.5722.2 Own Process Stopped LocalSystem wlidsvc Windows Live ID Sign-in Assistant WLIDSVC.EXE 7.250.4232.0 Own Process Stopped LocalSystem wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe Own Process Running NT AUTHORITY\NetworkService WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WSearch Windows Search SearchIndexer.exe 7.0.7601.17610 Own Process Running LocalSystem wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService --------[ AX Files ]---------------------------------------------------------------------------------------------------- bdaplgin.ax 6.1.7600.16385 Microsoft BDA Device Control Plug-in for MPEG2 based networks. g711codc.ax 6.1.7601.17514 Intel G711 CODEC iac25_32.ax 2.0.5.53 Indeo® audio software ir41_32.ax 4.51.16.3 Intel Indeo® Video 4.5 ivfsrc.ax 5.10.2.51 Intel Indeo® video IVF Source Filter 5.10 ksproxy.ax 6.1.7601.17514 WDM Streaming ActiveMovie Proxy kstvtune.ax 6.1.7601.17514 WDM Streaming TvTuner kswdmcap.ax 6.1.7601.17514 WDM Streaming Video Capture ksxbar.ax 6.1.7601.17514 WDM Streaming Crossbar mpeg2data.ax 6.6.7601.17514 Microsoft MPEG-2 Section and Table Acquisition Module mpg2splt.ax 6.6.7601.17528 DirectShow MPEG-2 Splitter. msdvbnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. msnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. psisrndr.ax 6.6.7601.17514 Microsoft Transport Information Filter for MPEG2 based networks. vbicodec.ax 6.6.7601.17514 Microsoft VBI Codec vbisurf.ax 6.1.7601.17514 VBI Surface Allocator Filter vidcap.ax 6.1.7600.16385 Video Capture Interface Server wstpager.ax 6.6.7601.17514 Microsoft Teletext Server --------[ DLL Files ]--------------------------------------------------------------------------------------------------- aaclient.dll 6.1.7601.17514 Anywhere access client accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources acledit.dll 6.1.7600.16385 Access Control List Editor aclui.dll 6.1.7600.16385 Security Descriptor Editor acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library actioncenter.dll 6.1.7601.17514 Action Center actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel activeds.dll 6.1.7601.17514 ADs Router Layer DLL actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library admparse.dll 9.0.8112.16421 IEAK Global Policy Template Parser adprovider.dll 6.1.7600.16385 adprovider DLL adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL adsmsext.dll 6.1.7600.16385 ADs LDAP Provider DLL adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL adtschema.dll 6.1.7600.16385 Security Audit Schema DLL advapi32.dll 6.1.7601.17514 Advanced Windows 32 Base API advpack.dll 8.0.7600.16385 ADVPACK aecache.dll 6.1.7600.16385 AECache Sysprep Plugin aeevts.dll 6.1.7600.16385 Application Experience Event Resources agrsco64.dll 1.0.0.9 LSISoft Modem Co-Installer alttab.dll 6.1.7600.16385 Windows Shell Alt Tab amstream.dll 6.6.7601.17514 DirectShow Runtime. amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module apilogen.dll 6.1.7600.16385 API Tracing Log Engine api-ms-win-core-console-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-datetime-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-debug-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-delayload-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-fibers-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-file-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-handle-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-heap-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-interlocked-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-io-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-localization-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-localregistry-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-memory-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-misc-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-processthreads-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-profile-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-string-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-synch-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-threadpool-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-util-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-core-xstate-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-security-base-l1-1-0.dll 6.1.7601.17651 ApiSet Stub DLL api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL apisetschema.dll 6.1.7600.16385 ApiSet Schema DLL apphelp.dll 6.1.7601.17514 Application Compatibility Client Library apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module appidapi.dll 6.1.7600.16385 Application Identity APIs Dll apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library asferror.dll 12.0.7600.16385 ASF Error Definitions asycfilt.dll 6.1.7601.17514 atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode) atl100.dll 10.0.40219.1 ATL Module for Windows atl71.dll 7.10.3077.0 ATL Module for Windows (Unicode) atmfd.dll 5.1.2.234 Windows NT OpenType/Type 1 Font Driver atmlib.dll 5.1.2.234 Windows NT OpenType/Type 1 API Library. audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension audioeng.dll 6.1.7600.16385 Audio Engine audiokse.dll 6.1.7600.16385 Audio Ks Endpoint audioses.dll 6.1.7601.17514 Audio Session authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn authfwwizfwk.dll 6.1.7600.16385 Wizard Framework authui.dll 6.1.7601.17514 Windows Authentication UI authz.dll 6.1.7600.16385 Authorization Framework autoplay.dll 6.1.7601.17514 AutoPlay Control Panel auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel avicap32.dll 6.1.7600.16385 AVI Capture window class avifil32.dll 6.1.7601.17514 Microsoft AVI File support library avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime azroles.dll 6.1.7601.17514 azroles Module azroleui.dll 6.1.7601.17514 Authorization Manager azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL bcrypt.dll 6.1.7600.16385 Windows Cryptographic Primitives Library (Wow64) bcryptprimitives.dll 6.1.7600.16385 Windows Cryptographic Primitives Library bidispl.dll 6.1.7600.16385 Bidispl DLL biocredprov.dll 6.1.7600.16385 WinBio Credential Provider bitsperf.dll 7.5.7601.17514 Perfmon Counter Access bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy blackbox.dll 11.0.7601.17514 BlackBox DLL bootvid.dll 6.1.7600.16385 VGA Boot Driver browcli.dll 6.1.7601.17514 Browser Service Client DLL browseui.dll 6.1.7601.17514 Shell Browser UI Library btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface bwcontexthandler.dll 1.0.0.1 ContextH Application bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension capiprovider.dll 6.1.7600.16385 capiprovider DLL capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub catsrvut.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Utilities cca.dll 6.6.7601.17514 CCA DirectShow Filter. cdosys.dll 6.6.7601.17514 Microsoft CDO for Windows Library certcli.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Client certcredprovider.dll 6.1.7600.16385 Cert Credential Provider certenc.dll 6.1.7600.16385 Active Directory Certificate Services Encoding certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI certmgr.dll 6.1.7601.17514 Certificates snap-in certpoleng.dll 6.1.7601.17514 Certificate Policy Engine cewmdm.dll 12.0.7600.16385 Windows CE WMDM Service Provider cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface cfgmgr32.dll 6.1.7601.17621 Configuration Manager DLL chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME cic.dll 6.1.7600.16385 CIC - MMC controls for Taskpad clb.dll 6.1.7600.16385 Column List Box clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog clfsw32.dll 6.1.7600.16385 Common Log Marshalling Win32 DLL cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL clusapi.dll 6.1.7601.17514 Cluster API Library cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library cngprovider.dll 6.1.7600.16385 cngprovider DLL cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL colbact.dll 2001.12.8530.16385 COM+ colorcnv.dll 6.1.7600.16385 Windows Media Color Conversion colorui.dll 6.1.7600.16385 Microsoft Color Control Panel comcat.dll 6.1.7600.16385 Microsoft Component Category Manager Library comctl32.dll 5.82.7601.17514 User Experience Controls Library comdlg32.dll 6.1.7601.17514 Common Dialogs DLL compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL comrepl.dll 2001.12.8530.16385 COM+ comres.dll 2001.12.8530.16385 COM+ Resources comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin comsvcs.dll 2001.12.8530.16385 COM+ Services comuid.dll 2001.12.8530.16385 COM+ Explorer UI connect.dll 6.1.7600.16385 Get Connected Wizards console.dll 6.1.7600.16385 Control Panel Console Applet cpfilters.dll 6.6.7601.17528 PTFilter & Encypter/Decrypter Tagger Filters. credssp.dll 6.1.7601.17514 Credential Delegation Security Package credui.dll 6.1.7601.17514 Credential Manager User Interface crtdll.dll 4.0.1183.1 Microsoft C Runtime Library crypt32.dll 6.1.7601.17514 Crypto API32 cryptbase.dll 6.1.7600.16385 Base cryptographic API DLL cryptdlg.dll 6.1.7600.16385 Microsoft Common Certificate Dialogs cryptdll.dll 6.1.7600.16385 Cryptography Manager cryptext.dll 6.1.7600.16385 Crypto Shell Extensions cryptnet.dll 6.1.7600.16385 Crypto Network Related API cryptsp.dll 6.1.7600.16385 Cryptographic Service Provider API cryptsvc.dll 6.1.7601.17514 Cryptographic Services cryptui.dll 6.1.7601.17514 Microsoft Trust UI Provider cryptxml.dll 6.1.7600.16385 XML DigSig API cscapi.dll 6.1.7601.17514 Offline Files Win32 API cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim csver.dll 9.2.0.1021 CSVer ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls d2d1.dll 6.1.7601.17563 Microsoft D2D Library d3d10.dll 6.1.7600.16385 Direct3D 10 Runtime d3d10_1.dll 6.1.7601.17544 Direct3D 10.1 Runtime d3d10_1core.dll 6.1.7601.17514 Direct3D 10.1 Runtime d3d10core.dll 6.1.7600.16385 Direct3D 10 Runtime d3d10level9.dll 6.1.7601.17514 Direct3D 10 to Direct3D9 Translation Runtime d3d10warp.dll 6.1.7601.17514 Direct3D 10 Rasterizer d3d11.dll 6.1.7601.17514 Direct3D 11 Runtime d3d8.dll 6.1.7600.16385 Microsoft Direct3D d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler d3dim.dll 6.1.7600.16385 Microsoft Direct3D d3dim700.dll 6.1.7600.16385 Microsoft Direct3D d3dramp.dll 6.1.7600.16385 Microsoft Direct3D d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows® d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows® d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows® d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions d3dxof.dll 6.1.7600.16385 DirectX Files DLL dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows davclnt.dll 6.1.7601.17514 Web DAV Client DLL davhlpr.dll 6.1.7600.16385 DAV Helper DLL dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine dbghelp.dll 6.1.7601.17514 Windows Image Helper dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients dciman32.dll 6.1.7600.16385 DCI Manager ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy ddores.dll 6.1.7600.16385 Device Category information and resources ddraw.dll 6.1.7600.16385 Microsoft DirectDraw ddrawex.dll 6.1.7600.16385 Direct Draw Ex defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel deployjava1.dll 10.9.2.5 Java(TM) Platform SE binary deskadp.dll 6.1.7600.16385 Advanced display adapter properties deskmon.dll 6.1.7600.16385 Advanced display monitor properties deskperf.dll 6.1.7600.16385 Advanced display performance properties devenum.dll 6.6.7600.16385 Device enumeration. devicecenter.dll 6.1.7601.17514 Device Center devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin devobj.dll 6.1.7601.17621 Device Information Set DLL devrtl.dll 6.1.7601.17621 Device Management Run Time Library dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL dfshim.dll 4.0.40305.0 ClickOnce Application Deployment Support Library dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll dhcpcore.dll 6.1.7601.17514 DHCP Client Service dhcpcore6.dll 6.1.7600.16385 DHCPv6 Client dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service dhcpcsvc6.dll 6.1.7600.16385 DHCPv6 Client dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module dimsjob.dll 6.1.7600.16385 DIMS Job DLL dimsroam.dll 6.1.7600.16385 Key Roaming DIMS Provider DLL dinput.dll 6.1.7600.16385 Microsoft DirectInput dinput8.dll 6.1.7600.16385 Microsoft DirectInput directdb.dll 6.1.7600.16385 Microsoft Direct Database API diskcopy.dll 6.1.7600.16385 Windows DiskCopy dispex.dll 5.8.7600.16385 Microsoft ® DispEx display.dll 6.1.7601.17514 Display Control Panel dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader dmocx.dll 6.1.7600.16385 TreeView OCX dmrc.dll 6.1.7600.16385 Windows MRC dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library dnsapi.dll 6.1.7601.17570 DNS Client API DLL dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL docprop.dll 6.1.7600.16385 OLE DocFile Property Page dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper dot3dlg.dll 6.1.7600.16385 802.3 UI Helper dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in dot3hc.dll 6.1.7600.16385 Dot3 Helper Class dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module dot3ui.dll 6.1.7601.17514 802.3 Advanced UI dpapiprovider.dll 6.1.7600.16385 dpapiprovider DLL dplayx.dll 6.1.7600.16385 Microsoft DirectPlay dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP dpnet.dll 6.1.7600.16385 Microsoft DirectPlay dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander drmmgrtn.dll 11.0.7601.17514 DRM Migration DLL drmv2clt.dll 11.0.7600.16385 DRMv2 Client DLL drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider drt.dll 6.1.7600.16385 Distributed Routing Table drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider drvstore.dll 6.1.7601.17514 Driver Store API ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk dsauth.dll 6.1.7601.17514 DS Authorization for Services dsdmo.dll 6.1.7600.16385 DirectSound Effects dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector) dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL dsound.dll 6.1.7600.16385 DirectSound dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages dsquery.dll 6.1.7600.16385 Directory Service Find dsrole.dll 6.1.7600.16385 DS Role Client DLL dssec.dll 6.1.7600.16385 Directory Service Security UI dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider dsuiext.dll 6.1.7601.17514 Directory Service Common UI dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave dtsh.dll 6.1.7600.16385 Detection and Sharing Status API dui70.dll 6.1.7600.16385 Windows DirectUI Engine duser.dll 6.1.7600.16385 Windows DirectUser Engine dwmapi.dll 6.1.7600.16385 Microsoft Desktop Window Manager API dwmcore.dll 6.1.7601.17514 Microsoft DWM Core Library dwrite.dll 6.1.7601.17563 Microsoft DirectX Typography Services dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool dxgi.dll 6.1.7601.17514 DirectX Graphics Infrastructure dxmasf.dll 12.0.7601.17514 Microsoft Windows Media Component Removal File. dxptaskringtone.dll 6.1.7601.17514 Microsoft Ringtone Editor dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync. dxtmsft.dll 9.0.8112.16421 DirectX Media -- Image DirectX Transforms dxtrans.dll 9.0.8112.16421 DirectX Media -- DirectX Transform Core dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher eappcfg.dll 6.1.7600.16385 Eap Peer Config eappgnui.dll 6.1.7601.17514 EAP Generic UI eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client efsadu.dll 6.1.7600.16385 File Encryption Utility efscore.dll 6.1.7601.17514 EFS Core Library efsutil.dll 6.1.7600.16385 EFS Utility Library ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL els.dll 6.1.7600.16385 Event Viewer Snapin elscore.dll 6.1.7600.16385 Els Core Platform DLL elslad.dll 6.1.7600.16385 ELS Language Detection elstrans.dll 6.1.7601.17514 ELS Transliteration Service encapi.dll 6.1.7600.16385 Encoder API encdec.dll 6.6.7601.17528 XDSCodec & Encypter/Decrypter Tagger Filters. eqossnap.dll 6.1.7600.16385 EQoS Snapin extension es.dll 2001.12.8530.16385 COM+ esent.dll 6.1.7601.17577 Extensible Storage Engine for Microsoft(R) Windows(R) esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R) eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class evr.dll 6.1.7601.17514 Enhanced Video Renderer DLL explorerframe.dll 6.1.7601.17514 ExplorerFrame expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension fdpnp.dll 6.1.7600.16385 Pnp Provider Dll fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces filemgmt.dll 6.1.7600.16385 Services and Shared Folders findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component firewallapi.dll 6.1.7600.16385 Windows Firewall API firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel fltlib.dll 6.1.7600.16385 Filter Library fm20.dll 12.0.6415.1000 Microsoft® Forms DLL fm20enu.dll 12.0.4518.1014 Microsoft® Forms International DLL fmifs.dll 6.1.7600.16385 FM IFS Utility DLL fms.dll 1.1.6000.16384 Font Management Services fontext.dll 6.1.7601.17514 Windows Font Folder fontsub.dll 6.1.7601.17105 Font Subsetting DLL fphc.dll 6.1.7601.17514 Filtering Platform Helper Class framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module fundisc.dll 6.1.7600.16385 Function Discovery Dll fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper fwpuclnt.dll 6.1.7601.17514 FWP/IPsec User-Mode API fwremotesvr.dll 6.1.7600.16385 Windows Firewall Remote APIs Server fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider gameux.dll 6.1.7601.17514 Games Explorer gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets gdi32.dll 6.1.7601.17514 GDI Client DLL getuname.dll 6.1.7600.16385 Unicode name Dll for UCE glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL gpapi.dll 6.1.7600.16385 Group Policy Client API gpedit.dll 6.1.7600.16385 GPEdit gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension gptext.dll 6.1.7600.16385 GPTExt hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc hcproviders.dll 6.1.7600.16385 Action Center Providers helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help hid.dll 6.1.7600.16385 Hid User Library hidserv.dll 6.1.7600.16385 HID Service hlink.dll 6.1.7600.16385 Microsoft Office 2000 component hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs ias.dll 6.1.7600.16385 Network Policy Server iasacct.dll 6.1.7601.17514 NPS Accounting Provider iasads.dll 6.1.7600.16385 NPS Active Directory Data Store iasdatastore.dll 6.1.7600.16385 NPS Datastore server iashlpr.dll 6.1.7600.16385 NPS Surrogate Component iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL iasnap.dll 6.1.7600.16385 NPS NAP Provider iaspolcy.dll 6.1.7600.16385 NPS Pipeline iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access iassam.dll 6.1.7600.16385 NPS NT SAM Provider iassdo.dll 6.1.7600.16385 NPS SDO Component iassvcs.dll 6.1.7600.16385 NPS Services Component icardie.dll 9.0.8112.16421 Microsoft Information Card IE Helper icardres.dll 3.0.4506.4926 Windows CardSpace iccvid.dll 1.10.0.13 Cinepak® Codec icm32.dll 6.1.7600.16385 Microsoft Color Management Module (CMM) icmp.dll 6.1.7600.16385 ICMP DLL icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon icsigd.dll 6.1.7600.16385 Internet Gateway Device properties idndl.dll 6.1.7600.16385 Downlevel DLL idstore.dll 6.1.7600.16385 Identity Store ieadvpack.dll 9.0.8112.16421 ADVPACK ieakeng.dll 9.0.8112.16421 Internet Explorer Administration Kit Engine Library ieaksie.dll 9.0.8112.16421 Internet Explorer Snap-in Extension to Group Policy ieakui.dll 9.0.8112.16421 Microsoft IEAK Shared UI DLL ieapfltr.dll 9.0.8112.16421 Microsoft SmartScreen Filter iedkcs32.dll 18.0.8112.16421 IEAK branding ieframe.dll 9.0.8112.16434 Internet Browser iepeers.dll 9.0.8112.16421 Internet Explorer Peer Objects iernonce.dll 9.0.8112.16421 Extended RunOnce processing with UI iertutil.dll 9.0.8112.16434 Run time utility for Internet Explorer iesetup.dll 9.0.8112.16421 IOD Version Map iesysprep.dll 9.0.8112.16421 IE Sysprep Provider ieui.dll 9.0.8112.16434 Internet Explorer UI Engine ifmon.dll 6.1.7600.16385 IF Monitor DLL ifsutil.dll 6.1.7601.17514 IFS Utility DLL ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL ig4icd32.dll igd10umd32.dll 8.15.10.2345 LDDM User Mode Driver for Intel(R) Graphics Technology igdde32.dll igdumd32.dll 8.15.10.2345 LDDM User Mode Driver for Intel(R) Graphics Technology igdumdx32.dll 8.15.10.2345 LDDM User Mode Driver for Intel(R) Graphics Technology igfxcmrt32.dll 1.0.0.1006 CM Runtime Dynamic Link Library igfxdv32.dll 8.15.10.2345 igfxdev Module igfxexps32.dll 8.15.10.2345 igfxext Module iglhcp32.dll 2.0.2.1 iglhcp32 Dynamic Link Library iglhsip32.dll 2.0.2.1 iglhsip32 Dynamic Link Library imagehlp.dll 6.1.7601.17514 Windows NT Image Helper imageres.dll 6.1.7600.16385 Windows Image Resource imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource imagx7.dll 7.0.74.0 ImagX7 Dynamic Link Library imagxpr7.dll 7.0.74.0 ImagXpr7 Module imagxr7.dll 7.0.495.0 ImagXR7 Dynamic Link Library imagxra7.dll 7.0.495.0 ImagXRA7 Dynamic Link Library imapi.dll 6.1.7600.16385 Image Mastering API imapi2.dll 6.1.7601.17514 Image Mastering API v2 imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2 imgutil.dll 9.0.8112.16421 IE plugin image decoder support DLL imjp10k.dll 10.1.7600.16385 Microsoft IME imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL inetcomm.dll 6.1.7601.17609 Microsoft Internet Messaging API Resources inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent inetres.dll 6.1.7600.16385 Microsoft Internet Messaging API Resources infocardapi.dll 3.0.4506.4926 Microsoft InfoCards inked.dll 6.1.7600.16385 Microsoft Tablet PC InkEdit Control input.dll 6.1.7601.17514 InputSetting DLL inseng.dll 9.0.8112.16421 Install engine iologmsg.dll 6.1.7600.16385 IO Logging DLL ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll iphlpapi.dll 6.1.7601.17514 IP Helper API iprop.dll 6.1.7600.16385 OLE PropertySet Implementation iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL iprtrmgr.dll 6.1.7601.17514 IP Router Manager ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10 ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor irclass.dll 6.1.7600.16385 Infrared Class Coinstaller iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api iscsied.dll 6.1.7600.16385 iSCSI Extension DLL iscsium.dll 6.1.7601.17514 iSCSI Discovery api iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library itvdata.dll 6.6.7601.17514 iTV Data Filters. iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec jscript.dll 5.8.7601.16982 Microsoft ® JScript jscript9.dll 9.0.8112.16434 Microsoft ® JScript jsproxy.dll 9.0.8112.16434 JScript Proxy Auto-Configuration kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101 kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A) kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B) kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C) kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103 kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout kbdal.dll 6.1.7600.16385 Albania Keyboard Layout kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2 kbdaze.dll 6.1.7600.16385 Azerbaijan_Cyrillic Keyboard Layout kbdazel.dll 6.1.7600.16385 Azeri-Latin Keyboard Layout kbdbash.dll 6.1.7601.17514 Bashkir Keyboard Layout kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout kbdda.dll 6.1.7600.16385 Danish Keyboard Layout kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout kbdfo.dll 6.1.7600.16385 Færoese Keyboard Layout kbdfr.dll 6.1.7600.16385 French Keyboard Layout kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout kbdgeoqw.dll 6.1.7600.16385 Georgian (QWERTY) Keyboard Layout kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout kbdgr.dll 6.1.7600.16385 German Keyboard Layout kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003 kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout kbdir.dll 6.1.7600.16385 Irish Keyboard Layout kbdit.dll 6.1.7600.16385 Italian Keyboard Layout kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800) kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95) kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX) kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout kbdru.dll 6.1.7600.16385 Russian Keyboard Layout kbdru1.dll 6.1.7600.16385 Russia(Typewriter) Keyboard Layout kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout kbdtat.dll 6.1.7600.16385 Tatar_Cyrillic Keyboard Layout kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout kbdus.dll 6.1.7601.17514 United States Keyboard Layout kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout kbdyak.dll 6.1.7600.16385 Yakut - Russia Keyboard Layout kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout kerberos.dll 6.1.7601.17527 Kerberos Security Package kernel32.dll 6.1.7601.17651 Windows NT BASE API Client DLL kernelbase.dll 6.1.7601.17651 Windows NT BASE API Client DLL keyiso.dll 6.1.7600.16385 CNG Key Isolation Service keymgr.dll 6.1.7600.16385 Stored User Names and Passwords korwbrkr.dll 6.1.7600.16385 korwbrkr ksuser.dll 6.1.7600.16385 User CSA Library ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL l2gpstore.dll 6.1.7600.16385 Policy Storage dll l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy licmgr10.dll 9.0.8112.16421 Microsoft® License Manager DLL linkinfo.dll 6.1.7600.16385 Windows Volume Tracking livessp.dll 7.250.4232.0 LiveSSP loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin locationapi.dll 6.1.7600.16385 Microsoft Windows Location API loghours.dll 6.1.7600.16385 Schedule Dialog logoncli.dll 6.1.7601.17514 Net Logon Client DLL lpk.dll 6.1.7600.16385 Language Pack lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll luainstall.dll 6.1.7601.17514 Lua manifest install lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL magnification.dll 6.1.7600.16385 Microsoft Magnification API mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer mciwave.dll 6.1.7600.16385 MCI driver for waveform audio mctres.dll 6.1.7600.16385 MCT resource DLL mdminst.dll 6.1.7600.16385 Modem Class Installer mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler mf.dll 12.0.7601.17514 Media Foundation DLL mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder mfc100.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc100chs.dll 10.0.40219.325 MFC Language Specific Resources mfc100cht.dll 10.0.40219.325 MFC Language Specific Resources mfc100deu.dll 10.0.40219.325 MFC Language Specific Resources mfc100enu.dll 10.0.40219.325 MFC Language Specific Resources mfc100esn.dll 10.0.40219.325 MFC Language Specific Resources mfc100fra.dll 10.0.40219.325 MFC Language Specific Resources mfc100ita.dll 10.0.40219.325 MFC Language Specific Resources mfc100jpn.dll 10.0.40219.325 MFC Language Specific Resources mfc100kor.dll 10.0.40219.325 MFC Language Specific Resources mfc100rus.dll 10.0.40219.325 MFC Language Specific Resources mfc100u.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc70.dll 7.0.9466.0 MFCDLL Shared Library - Retail Version mfc70u.dll 7.0.9466.0 MFCDLL Shared Library - Retail Version mfc71.dll 7.10.3077.0 MFCDLL Shared Library - Retail Version mfc71u.dll 7.10.3077.0 MFCDLL Shared Library - Retail Version mfcm100.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm100u.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcsubs.dll 2001.12.8530.16385 COM+ mfds.dll 12.0.7601.17514 Media Foundation Direct Show wrapper DLL mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder mferror.dll 12.0.7600.16385 Media Foundation Error DLL mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder mfmjpegdec.dll 6.1.7600.16385 Media Foundation MJPEG Decoder mfplat.dll 12.0.7600.16385 Media Foundation Platform DLL mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL mfps.dll 12.0.7600.16385 Media Foundation Proxy DLL mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL mfvdsp.dll 6.1.7600.16385 Windows Media Foundation Video DSP Components mfwmaaec.dll 6.1.7600.16385 Windows Media Audio AEC for Media Foundation mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP) midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper migisol.dll 6.1.7601.17514 Migration System Isolation Layer miguiresource.dll 6.1.7600.16385 MIG wini32 resources mimefilt.dll 2008.0.7601.17514 MIME Filter mlang.dll 6.1.7600.16385 Multi Language Support DLL mmcbase.dll 6.1.7600.16385 MMC Base DLL mmci.dll 6.1.7600.16385 Media class installer mmcico.dll 6.1.7600.16385 Media class co-installer mmcndmgr.dll 6.1.7601.17514 MMC Node Manager DLL mmcshext.dll 6.1.7600.16385 MMC Shell Extension DLL mmdevapi.dll 6.1.7601.17514 MMDevice API mmres.dll 6.1.7600.16385 General Audio Resources modemui.dll 6.1.7600.16385 Windows Modem Properties moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library mp3dmod.dll 6.1.7600.16385 Microsoft MP3 Decoder DMO mp43decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mp4sdecd.dll 6.1.7600.16385 Windows Media MPEG-4 S Video Decoder mpg4decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mpr.dll 6.1.7600.16385 Multiple Provider Router DLL mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor mprdim.dll 6.1.7600.16385 Dynamic Interface Manager mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL msaatext.dll 2.0.10413.0 Active Accessibility text support msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter msadce.dll 6.1.7601.17514 OLE DB Cursor Engine msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources msadcf.dll 6.1.7601.17514 Remote Data Services Data Factory msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources msadco.dll 6.1.7601.17514 Remote Data Services Data Control msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources msadcs.dll 6.1.7601.17514 Remote Data Services ISAPI Library msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources msado15.dll 6.1.7601.17514 ActiveX Data Objects msadomd.dll 6.1.7601.17514 ActiveX Data Objects (Multi-Dimensional) msador15.dll 6.1.7601.17514 Microsoft ActiveX Data Objects Recordset msadox.dll 6.1.7601.17514 ActiveX Data Objects Extensions msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs msaudite.dll 6.1.7600.16385 Security Audit Events DLL mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver mscms.dll 6.1.7601.17514 Microsoft Color Matching System DLL mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine mscorier.dll 2.0.50727.5420 Microsoft .NET Runtime IE resources mscories.dll 2.0.50727.5420 Microsoft .NET IE SECURITY REGISTRATION mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator msctf.dll 6.1.7600.16385 MSCTF Server DLL msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL msctfp.dll 6.1.7600.16385 MSCTFP Server DLL msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub msdadiag.dll 6.1.7600.16385 Built-In Diagnostics msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub msdaora.dll 6.1.7600.16385 OLE DB Provider for Oracle msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources msdaosp.dll 6.1.7601.17632 OLE DB Simple Provider msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs msdarem.dll 6.1.7601.17514 OLE DB Remote Provider msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources msdart.dll 6.1.7600.16385 OLE DB Runtime Routines msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub msdelta.dll 6.1.7600.16385 Microsoft Patch Engine msdfmap.dll 6.1.7601.17514 Data Factory Handler msdmeng.dll 8.0.2039.0 Microsoft Data Mining Engine msdmine.dll 8.0.2039.0 Microsoft OLE DB Provider for Data Mining Services msdmo.dll 6.6.7601.17514 DMO Runtime msdrm.dll 6.1.7601.17514 Windows Rights Management client msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1 msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam msexcl40.dll 4.0.9756.0 Microsoft Jet Excel Isam msfeeds.dll 9.0.8112.16421 Microsoft Feeds Manager msfeedsbs.dll 9.0.8112.16421 Microsoft Feeds Background Sync msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1 mshtml.dll 9.0.8112.16434 Microsoft (R) HTML Viewer mshtmled.dll 9.0.8112.16434 Microsoft® HTML Editing Component mshtmler.dll 9.0.8112.16421 Microsoft® HTML Editing Component's Resource DLL msi.dll 5.0.7601.17514 Windows Installer msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library msident.dll 6.1.7600.16385 Microsoft Identity Manager msidle.dll 6.1.7600.16385 User Idle Monitor msidntld.dll 6.1.7600.16385 Microsoft Identity Manager msieftp.dll 6.1.7601.17514 Microsoft Internet Explorer FTP Folder Shell Extension msihnd.dll 5.0.7601.17514 Windows® installer msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub msimg32.dll 6.1.7600.16385 GDIEXT Client DLL msimsg.dll 5.0.7600.16385 Windows® Installer International Messages msimtf.dll 6.1.7600.16385 Active IMM Server DLL msisip.dll 5.0.7600.16385 MSI Signature SIP Provider msjet40.dll 4.0.9756.0 Microsoft Jet Engine Library msjetoledb40.dll 4.0.9756.0 msjint40.dll 4.0.9756.0 Microsoft Jet Database Engine International DLL msjro.dll 6.1.7601.17514 Jet and Replication Objects msjter40.dll 4.0.9756.0 Microsoft Jet Database Engine Error DLL msjtes40.dll 4.0.9756.0 Microsoft Jet Expression Service msls31.dll 3.10.349.0 Microsoft Line Services library file msltus40.dll 4.0.9756.0 Microsoft Jet Lotus 1-2-3 Isam msmapi32.dll 12.0.6413.1000 Extended MAPI 1.0 for Windows NT msmdcb80.dll 8.0.2039.0 PivotTable Service dll msmdgd80.dll 8.0.2039.0 Microsoft SQL Server Analysis Services driver msmdlocal.dll 9.0.3042.0 Microsoft SQL Server Analysis Services msmdun80.dll 2000.80.2039.0 String Function .DLL for SQL Enterprise Components msmgdsrv.dll 9.0.3042.0 Microsoft SQL Server Analysis Services Managed Module msmpeg2adec.dll 6.1.7140.0 Microsoft DTV-DVD Audio Decoder msmpeg2enc.dll 6.1.7601.17514 Microsoft MPEG-2 Encoder msmpeg2vdec.dll 6.1.7140.0 Microsoft DTV-DVD Video Decoder msnetobj.dll 11.0.7601.17514 DRM ActiveX Network Object msobjs.dll 6.1.7600.16385 System object audit names msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib msolap80.dll 8.0.2216.0 Microsoft OLE DB Provider for Analysis Services 8.0 msolap90.dll 9.0.3042.0 Microsoft OLE DB Provider for Analysis Services 9.0 msolui80.dll 8.0.0.2039 Microsoft OLE DB provider for Analysis Services connection dialog 8.0 msolui90.dll 9.0.3042.0 Microsoft OLE DB Provider for Analysis Services Connection Dialog 9.0 msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources msorcl32.dll 6.1.7601.17514 ODBC Driver for Oracle mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API mspbde40.dll 4.0.9756.0 Microsoft Jet Paradox Isam msports.dll 6.1.7600.16385 Ports Class Installer msrating.dll 9.0.8112.16421 Internet Ratings and Local User Management DLL msrd2x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrd3x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server msrdpwebaccess.dll 6.1.7600.16385 Microsoft Remote Desktop Services Web Access Control msrepl40.dll 4.0.9756.0 Microsoft Replication Library msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor msscntrs.dll 7.0.7601.17610 msscntrs.dll msscp.dll 11.0.7601.17514 Windows Media Secure Content Provider mssha.dll 6.1.7600.16385 Windows Security Health Agent msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message msshooks.dll 7.0.7600.16385 MSSHooks.dll mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL mssitlb.dll 7.0.7600.16385 mssitlb mssph.dll 7.0.7601.17610 Microsoft Search Protocol Handler mssphtb.dll 7.0.7601.17610 Outlook MSSearch Connector mssprxy.dll 7.0.7600.16385 Microsoft Search Proxy mssrch.dll 7.0.7601.17610 mssrch.dll msstdfmt.dll 6.0.84.50 Microsoft Standard Data Formating Object DLL mssvp.dll 7.0.7601.17610 MSSearch Vista Platform msswch.dll 6.1.7600.16385 msswch mstask.dll 6.1.7601.17514 Task Scheduler interface DLL mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam mstscax.dll 6.1.7601.17514 Remote Desktop Services ActiveX Client msutb.dll 6.1.7601.17514 MSUTB Server DLL msv1_0.dll 6.1.7601.17514 Microsoft Authentication Package v1.0 msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine msvci70.dll 7.0.9466.0 Microsoft® C++ Runtime Library msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL msvcp100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL msvcp70.dll 7.0.9466.0 Microsoft® C++ Runtime Library msvcp71.dll 7.10.3077.0 Microsoft® C++ Runtime Library msvcr100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcr70.dll 7.0.9466.0 Microsoft® C Runtime Library msvcr71.dll 7.10.3052.4 Microsoft® C Runtime Library msvcrt.dll 7.0.7600.16385 Windows NT CRT DLL msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll) msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor msvidctl.dll 6.5.7601.17514 ActiveX control for streaming video mswdat10.dll 4.0.9756.0 Microsoft Jet Sort Tables mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core mswsock.dll 6.1.7601.17514 Microsoft Windows Sockets 2.0 Service Provider mswstr10.dll 4.0.9756.0 Microsoft Jet Sort Library msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs msxbde40.dll 4.0.9756.0 Microsoft Jet xBASE Isam msxml3.dll 8.110.7601.17514 MSXML 3.0 SP11 msxml3a.dll 8.10.8308.0 XML Resources msxml3r.dll 8.110.7600.16385 XML Resources msxml4.dll 4.20.9818.0 MSXML 4.0 SP 2 msxml4r.dll 4.10.9404.0 MSXML 4.0 SP1 Resources msxml6.dll 6.30.7601.17514 MSXML 6.0 SP3 msxml6r.dll 6.30.7600.16385 XML Resources msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL mtxdm.dll 2001.12.8530.16385 COM+ mtxex.dll 2001.12.8530.16385 COM+ mtxlegih.dll 2001.12.8530.16385 COM+ mtxoci.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings mycomput.dll 6.1.7600.16385 Computer Management mydocs.dll 6.1.7601.17514 My Documents Folder UI napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension naphlpr.dll 6.1.7601.17514 NAP client config API helper napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client napmontr.dll 6.1.7600.16385 NAP Netsh Helper nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6 ncdprop.dll 6.1.7600.16385 Advanced network device properties nci.dll 6.1.7601.17514 CoInstaller: NET ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System ncrypt.dll 6.1.7600.16385 Windows cryptographic library ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library ncsi.dll 6.1.7601.17514 Network Connectivity Status Indicator nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object ndishc.dll 6.1.7600.16385 NDIS Helper Classes ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub negoexts.dll 6.1.7600.16385 NegoExtender Security Package netapi32.dll 6.1.7601.17514 Net Win32 API DLL netbios.dll 6.1.7600.16385 NetBIOS Interface Library netcenter.dll 6.1.7601.17514 Network Center control panel netcfgx.dll 6.1.7601.17514 Network Configuration Objects netcorehc.dll 6.1.7600.16385 Networking Core Diagnostics Helper Classes netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework netevent.dll 6.1.7600.16385 Net Event Handler netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim neth.dll 6.1.7600.16385 Net Help Messages DLL netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page netiohlp.dll 6.1.7601.17514 Netio Helper DLL netjoin.dll 6.1.7601.17514 Domain Join DLL netlogon.dll 6.1.7601.17514 Net Logon Services DLL netmsg.dll 6.1.7600.16385 Net Messages DLL netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard netprof.dll 6.1.7600.16385 Network Profile Management UI netprofm.dll 6.1.7600.16385 Network List Manager netshell.dll 6.1.7601.17514 Network Connections Shell netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL networkexplorer.dll 6.1.7601.17514 Network Explorer networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory networkmap.dll 6.1.7601.17514 Network Map newdev.dll 6.0.5054.0 Add Hardware Device Library nlaapi.dll 6.1.7601.17514 Network Location Awareness 2 nlhtml.dll 2008.0.7600.16385 HTML filter nlmgp.dll 6.1.7600.16385 Network List Manager Snapin nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module nlsbres.dll 6.1.7601.17514 NLSBuild resource DLL nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code normaliz.dll 6.1.7600.16385 Unicode Normalization DLL npdeployjava1.dll 10.9.2.5 NPRuntime Script Plug-in Library for Java(TM) Deploy npmproxy.dll 6.1.7600.16385 Network List Manager Proxy nshhttp.dll 6.1.7600.16385 HTTP netsh DLL nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL nshwfp.dll 6.1.7601.17514 Windows Filtering Platform Netsh Helper nsi.dll 6.1.7600.16385 NSI User-mode interface DLL ntdll.dll 6.1.7601.17514 NT Layer DLL ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager ntlanui2.dll 6.1.7600.16385 Network object shell UI ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider ntprint.dll 6.1.7601.17514 Spooler Setup DLL ntshrui.dll 6.1.7601.17514 Shell extensions for sharing ntvdm64.dll 6.1.7601.17651 16-bit Emulation on NT64 nvapi.dll 8.17.12.8590 NVIDIA NVAPI Library, Version 285.90 nvcompiler.dll 8.17.12.8590 NVIDIA Compiler, Version 285.90 nvcuda.dll 8.17.12.8590 NVIDIA CUDA Driver, Version 285.90 nvcuvenc.dll 6.14.12.8590 NVIDIA CUDA Video Encoder, Version 285.90 nvcuvid.dll 8.17.12.8590 NVIDIA CUDA Video Decode API, Version 285.90 nvd3dum.dll 8.17.12.8590 NVIDIA WDDM D3D Driver, Version 285.90 nvdecodemft.dll 8.17.12.8590 NVIDIA Video Decoder MFT, Version 285.90 nvinit.dll 8.17.12.8590 NVIDIA shim initialization dll, Version 285.90 nvoglv32.dll 8.17.12.8590 NVIDIA Compatible OpenGL ICD nvoptimusmft.dll 8.17.12.8590 NVIDIA Optimus Playback MFT, Version 285.90 nvumdshim.dll 8.17.12.8590 NVIDIA D3D Shim Driver, Version 285.90 nvwgf2um.dll 8.17.12.8590 NVIDIA D3D10 Driver, Version 285.90 objsel.dll 6.1.7600.16385 Object Picker Dialog occache.dll 9.0.8112.16421 Object Control Viewer ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API odbc32.dll 6.1.7601.17514 ODBC Driver Manager odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk odbcbcp.dll 6.1.7600.16385 BCP for ODBC odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program odbccp32.dll 6.1.7601.17632 ODBC Installer odbccr32.dll 6.1.7601.17632 ODBC Cursor Library odbccu32.dll 6.1.7601.17632 ODBC Cursor Library odbcint.dll 6.1.7600.16385 ODBC Resources odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5 odbcjt32.dll 6.1.7601.17632 Microsoft ODBC Desktop Driver Pack 3.5 odbctrac.dll 6.1.7601.17632 ODBC Driver Manager Trace oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files offfilt.dll 2008.0.7600.16385 OFFICE Filter ogldrv.dll 6.1.7600.16385 MSOGL ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole32.dll 6.1.7601.17514 Microsoft OLE for Windows oleacc.dll 7.0.0.0 Active Accessibility Core Component oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL oleaut32.dll 6.1.7601.17567 olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library oledb32.dll 6.1.7601.17514 OLE DB Core Services oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources oledlg.dll 6.1.7600.16385 OLE User Interface Support oleprn.dll 6.1.7600.16385 Oleprn DLL olepro32.dll 6.1.7601.17514 oleres.dll 6.1.7600.16385 Ole resource dll olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel oobefldr.dll 6.1.7601.17514 Getting Started opcservices.dll 6.1.7601.17514 Native Code OPC Services Library opencl.dll 1.0.0.0 OpenCL Client DLL opengl32.dll 6.1.7600.16385 OpenGL Client DLL osbaseln.dll 6.1.7600.16385 Service Reporting API osuninst.dll 6.1.7600.16385 Uninstall Interface p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper packager.dll 6.1.7600.16385 Object Packager2 panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL pdh.dll 6.1.7601.17514 Windows Performance Data Helper DLL pdhui.dll 6.1.7601.17514 PDH UI perfcentercpl.dll 6.1.7601.17514 Performance Center perfctrs.dll 6.1.7600.16385 Performance Counters perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler photowiz.dll 6.1.7601.17514 Photo Printing Wizard pid.dll 6.1.7600.16385 Microsoft PID pidgenx.dll 6.1.7600.16385 Pid Generation pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library pku2u.dll 6.1.7600.16385 Pku2u Security Package pla.dll 6.1.7601.17514 Performance Logs & Alerts playsndsrv.dll 6.1.7600.16385 PlaySound Service pncrt.dll 4.20.0.0 pndx5016.dll 5.0.0.0 16 bit DirectX helper DLL pndx5032.dll 5.0.0.0 32 bit DirectX helper DLL pngfilt.dll 9.0.8112.16421 IE PNG plugin image decoder pnidui.dll 6.1.7601.17514 Network System Icon pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider polstore.dll 6.1.7600.16385 Policy Storage dll portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider. portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component pots.dll 6.1.7600.16385 Power Troubleshooter powercpl.dll 6.1.7601.17514 Power Options Control Panel powrprof.dll 6.1.7600.16385 Power Profile Helper DLL presentationcffrasterizernative_v0300.dll 3.0.6920.4902 WinFX OpenType/CFF Rasterizer presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll prflbmsg.dll 6.1.7600.16385 Perflib Event Messages printui.dll 6.1.7601.17514 Printer Settings User Interface prncache.dll 6.1.7601.17514 Print UI Cache prnfldr.dll 6.1.7601.17514 prnfldr dll prnntfy.dll 6.1.7600.16385 prnntfy DLL prntvpt.dll 6.1.7601.17514 Print Ticket Services Module profapi.dll 6.1.7600.16385 User Profile Basic API propsys.dll 7.0.7601.17514 Microsoft Property System provsvc.dll 6.1.7601.17514 Windows HomeGroup provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library psapi.dll 6.1.7600.16385 Process Status Helper psbase.dll 6.1.7600.16385 Protected Storage default provider pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver psisdecd.dll 6.6.7600.16385 Microsoft SI/PSI parser for MPEG2 based networks. pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces pstorsvc.dll 6.1.7600.16385 Protected storage server puiapi.dll 6.1.7600.16385 puiapi DLL puiobj.dll 6.1.7601.17514 PrintUI Objects DLL pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll qagent.dll 6.1.7601.17514 Quarantine Agent Proxy qasf.dll 12.0.7601.17514 DirectShow ASF Support qcap.dll 6.6.7601.17514 DirectShow Runtime. qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider qdv.dll 6.6.7601.17514 DirectShow Runtime. qdvd.dll 6.6.7601.17514 DirectShow DVD PlayBack Runtime. qedit.dll 6.6.7601.17514 DirectShow Editing. qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy qshvhost.dll 6.1.7601.17514 Quarantine SHV Host qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management quartz.dll 6.6.7601.17514 DirectShow Runtime. query.dll 6.1.7601.17514 Content Index Utility DLL qutil.dll 6.1.7601.17514 Quarantine Utilities qwave.dll 6.1.7600.16385 Windows NT racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper rasapi32.dll 6.1.7600.16385 Remote Access API rascfg.dll 6.1.7600.16385 RAS Configuration Objects raschap.dll 6.1.7601.17514 Remote Access PPP CHAP rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API rasgcw.dll 6.1.7600.16385 RAS Wizard Pages rasman.dll 6.1.7600.16385 Remote Access Connection Manager rasmm.dll 6.1.7600.16385 RAS Media Manager rasmontr.dll 6.1.7600.16385 RAS Monitor DLL rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider rasppp.dll 6.1.7601.17514 Remote Access PPP rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer rastls.dll 6.1.7601.17514 Remote Access PPP EAP-TLS rdpcore.dll 6.1.7601.17514 RDP Core DLL rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL regapi.dll 6.1.7601.17514 Registry Configuration APIs regctrl.dll 6.1.7600.16385 RegCtrl remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension resampledmo.dll 6.1.7600.16385 Windows Media Resampler resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1 riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0 rmoc3260.dll 15.0.6.14 Real Player(tm) ActiveX Control rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL rpcdiag.dll 6.1.7600.16385 RPC Diagnostics rpchttp.dll 6.1.7601.17514 RPC HTTP DLL rpcndfp.dll 1.0.0.1 RPC NDF Helper Class rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper rpcrt4.dll 6.1.7601.17514 Remote Procedure Call Runtime rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider rshx32.dll 6.1.7600.16385 Security Shell Extension rstrtmgr.dll 6.1.7600.16385 Restart Manager rtffilt.dll 2008.0.7600.16385 RTF Filter rtm.dll 6.1.7600.16385 Routing Table Manager rtutils.dll 6.1.7601.17514 Routing Utilities samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL samlib.dll 6.1.7600.16385 SAM Library DLL sampleres.dll 6.1.7600.16385 Microsoft Samples sas.dll 6.1.7600.16385 WinLogon Software SAS Library sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter. sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces. scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine scesrv.dll 6.1.7601.17514 Windows Security Configuration Editor Engine schannel.dll 6.1.7601.17514 TLS / SSL Security Provider schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider scp32.dll 2.0.330.0 Code Page Translation Library scripto.dll 6.6.7600.16385 Microsoft ScriptO scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime scrrun.dll 5.8.7600.16385 Microsoft ® Script Runtime sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component searchfolder.dll 6.1.7601.17514 SearchFolder sechost.dll 6.1.7600.16385 Host for SCM/SDDL/LSA Lookup APIs secproc.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor secproc_isv.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor secproc_ssp.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor secproc_ssp_isv.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor (Pre-production) secur32.dll 6.1.7601.17514 Security Support Provider Interface security.dll 6.1.7600.16385 Security Support Provider Interface sendmail.dll 6.1.7600.16385 Send Mail sens.dll 6.1.7600.16385 System Event Notification Service (SENS) sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL sensorsapi.dll 6.1.7600.16385 Sensor API sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors serialui.dll 6.1.7600.16385 Serial Port Property Pages serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service setupapi.dll 6.1.7601.17514 Windows Setup API setupcln.dll 6.1.7601.17514 Setup Files Cleanup sfc.dll 6.1.7600.16385 Windows File Protection sfc_os.dll 6.1.7600.16385 Windows File Protection sfcom.dll 3.0.0.11 SFCOM.DLL shacct.dll 6.1.7601.17514 Shell Accounts Classes shdocvw.dll 6.1.7601.17514 Shell Doc Object and Control Library shell32.dll 6.1.7601.17514 Windows Shell Common Dll shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll shfolder.dll 6.1.7600.16385 Shell Folder Service shgina.dll 6.1.7601.17514 Windows Shell User Logon shimeng.dll 6.1.7600.16385 Shim Engine DLL shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll shsetup.dll 6.1.7601.17514 Shell setup helper shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers sirenacm.dll 15.4.3538.513 Messenger Audio Codec sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions slc.dll 6.1.7600.16385 Software Licensing Client Dll slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll slwga.dll 6.1.7601.17514 Software Licensing WGA API smartcardcredentialprovider.dll 6.1.7601.17514 Windows Smartcard Credential Provider smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework sndvolsso.dll 6.1.7601.17514 SCA Volume snmpapi.dll 6.1.7600.16385 SNMP Utility Library softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip softpub.dll 6.1.7600.16385 Softpub Forwarder DLL sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003 sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0 spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin spfileq.dll 6.1.7600.16385 Windows SPFILEQ spinf.dll 6.1.7600.16385 Windows SPINF spnet.dll 6.1.7600.16385 Net Sysprep Plugin spopk.dll 6.1.7601.17514 OPK Sysprep Plugin spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library sppc.dll 6.1.7601.17514 Software Licensing Client Dll sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll sppcomapi.dll 6.1.7601.17514 Software Licensing Library sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin spwizeng.dll 6.1.7601.17514 Setup Wizard Framework spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources spwmp.dll 6.1.7601.17514 Windows Media Player System Preparation DLL sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server sqmapi.dll 6.1.7601.17514 SQM Client srchadmin.dll 7.0.7601.17514 Indexing Options srclient.dll 6.1.7600.16385 Microsoft® Windows System Restore Client Library srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library srvcli.dll 6.1.7601.17514 Server Service Client DLL sscore.dll 6.1.7601.17514 Server Service Core DLL ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL sspicli.dll 6.1.7601.17514 Security Support Provider Interface ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client sti.dll 6.1.7600.16385 Still Image Devices client DLL stobject.dll 6.1.7601.17514 Systray shell service object storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler storprop.dll 6.1.7600.16385 Property Pages for Storage Devices structuredquery.dll 7.0.7601.17514 Structured Query sud.dll 6.1.7601.17514 SUD Control Panel sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library sxs.dll 6.1.7601.17514 Fusion 2.5 sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library sxsstore.dll 6.1.7600.16385 Sxs Store DLL synccenter.dll 6.1.7601.17514 Microsoft Sync Center synceng.dll 6.1.7600.16385 Windows Briefcase Engine synchostps.dll 6.1.7600.16385 Proxystub for sync host syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure. syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub. syncom.dll 15.1.18.0 SynCOM syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration synctrl.dll 15.1.18.0 SynCtrl syncui.dll 6.1.7601.17514 Windows Briefcase syntpcom.dll 15.1.18.0 Synaptics TouchPad Interfaces syssetup.dll 6.1.7601.17514 Windows NT System Setup systemcpl.dll 6.1.7601.17514 My System CPL t2embed.dll 6.1.7601.17514 Microsoft T2Embed Font Embedding tapi3.dll 6.1.7600.16385 Microsoft TAPI3 tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in taskschd.dll 6.1.7601.17514 Task Scheduler COM API taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy tbs.dll 6.1.7600.16385 TBS tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL tdh.dll 6.1.7600.16385 Event Trace Helper Library termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager thawbrkr.dll 6.1.7600.16385 Thai Word Breaker themecpl.dll 6.1.7601.17514 Personalization CPL themeui.dll 6.1.7601.17514 Windows Theme API thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog tquery.dll 7.0.7601.17610 tquery.dll traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec tschannel.dll 6.1.7600.16385 Task Scheduler Proxy tsgqec.dll 6.1.7601.17514 RD Gateway QEC tsmf.dll 6.1.7601.17514 RDP MF Plugin tspkg.dll 6.1.7601.17514 Web Service Security Package tsworkspace.dll 6.1.7601.17514 RemoteApp and Desktop Connection Component tvratings.dll 6.6.7600.16385 Module for managing TV ratings twext.dll 6.1.7601.17514 Previous Versions property page twnlib4.dll 4.0.19.0 TwnLib4 txflog.dll 2001.12.8530.16385 COM+ txfw32.dll 6.1.7600.16385 TxF Win32 DLL typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library tzres.dll 6.1.7601.17514 Time Zones resource DLL ubpm.dll 6.1.7600.16385 Unified Background Process Manager DLL ucmhc.dll 6.1.7600.16385 UCM Helper Class udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension uexfat.dll 6.1.7600.16385 eXfat Utility DLL ufat.dll 6.1.7600.16385 FAT Utility DLL uianimation.dll 6.1.7600.16385 Windows Animation Manager uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core uicom.dll 6.1.7600.16385 Add/Remove Modems uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources ulib.dll 6.1.7600.16385 File Utilities Support DLL umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT unrar.dll 4.20.100.526 untfs.dll 6.1.7601.17514 NTFS Utility DLL upnp.dll 6.1.7601.17514 UPnP Control Point API upnphost.dll 6.1.7600.16385 UPnP Device Host ureg.dll 6.1.7600.16385 Registry Utility DLL url.dll 9.0.8112.16434 Internet Shortcut Shell Extension DLL urlmon.dll 9.0.8112.16434 OLE32 Extensions for Win32 usbceip.dll 6.1.7600.16385 USBCEIP Task usbperf.dll 6.1.7600.16385 USB Performance Objects DLL usbui.dll 6.1.7600.16385 USB UI Dll user32.dll 6.1.7601.17514 Multi-User Windows USER API Client DLL useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings usercpl.dll 6.1.7601.17514 User control panel userenv.dll 6.1.7601.17514 Userenv usp10.dll 1.626.7601.17514 Uniscribe Unicode script processor utildll.dll 6.1.7601.17514 WinStation utility support DLL uudf.dll 6.1.7600.16385 UDF Utility DLL uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll uxlib.dll 6.1.7601.17514 Setup Wizard Framework uxlibres.dll 6.1.7600.16385 UXLib Resources uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library van.dll 6.1.7601.17514 View Available Networks vault.dll 6.1.7601.17514 Windows vault Control Panel vaultcli.dll 6.1.7600.16385 Credential Vault Client Library vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader vbame.dll 2.0.2.5 VBA : Middle East Support vbscript.dll 5.8.7601.16978 Microsoft ® VBScript vcomp100.dll 10.0.40219.325 Microsoft® C/C++ OpenMP Runtime vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1 vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0 verifier.dll 6.1.7600.16385 Standard application verifier provider dll version.dll 6.1.7600.16385 Version Checking and File Installation Libraries vfpodbc.dll 1.0.2.0 vfpodbc vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices vidreszr.dll 6.1.7600.16385 Windows Media Resizer virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL vpnikeapi.dll 6.1.7601.17514 VPN IKE API's vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool wab32.dll 6.1.7600.16385 Microsoft (R) Contacts DLL wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP wbemcomn.dll 6.1.7601.17514 WMI wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards wcspluginservice.dll 6.1.7600.16385 WcsPlugInService DLL wdc.dll 6.1.7601.17514 Performance Monitor wdi.dll 6.1.7600.16385 Windows Diagnostic Infrastructure wdigest.dll 6.1.7600.16385 Microsoft Digest Access wdscore.dll 6.1.7601.17514 Panther Engine Module webcheck.dll 9.0.8112.16421 Web Site Monitor webclnt.dll 6.1.7601.17514 Web DAV Service DLL webio.dll 6.1.7601.17514 Web Transfer Protocols API webservices.dll 6.1.7601.17514 Windows Web Services Runtime wecapi.dll 6.1.7600.16385 Event Collector Configuration API wer.dll 6.1.7601.17514 Windows Error Reporting DLL werdiagcontroller.dll 6.1.7600.16385 WER Diagnostic Controller werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class whealogr.dll 6.1.7600.16385 WHEA Troubleshooter whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp wiaaut.dll 6.1.7600.16385 WIA Automation Layer wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer wiaextensionhost64.dll 6.1.7600.16385 WIA Extension Host for thunking APIs from 32-bit to 64-bit process wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI wiatrace.dll 6.1.7600.16385 WIA Tracing wiavideo.dll 6.1.7601.17514 WIA Video wimgapi.dll 6.1.7601.17514 Windows Imaging Library win32spl.dll 6.1.7601.17514 Client Side Rendering Print Provider winbio.dll 6.1.7600.16385 Windows Biometrics Client API winbrand.dll 6.1.7600.16385 Windows Branding Resources wincredprovider.dll 6.1.7600.16385 wincredprovider DLL windowsaccessbridge-32.dll 2.0.7.0 Java Access Bridge for Windows windowscodecs.dll 6.1.7601.17514 Microsoft Windows Codecs Library windowscodecsext.dll 6.1.7600.16385 Microsoft Windows Codecs Extended Library winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL winhttp.dll 6.1.7601.17514 Windows HTTP Services wininet.dll 9.0.8112.16434 Internet Extensions for Win32 winipsec.dll 6.1.7600.16385 Windows IPsec SPD Client DLL winmm.dll 6.1.7601.17514 MCI API DLL winnsi.dll 6.1.7600.16385 Network Store Information RPC interface winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL winrscmd.dll 6.1.7600.16385 remtsvc winrsmgr.dll 6.1.7600.16385 WSMan Shell API winrssrv.dll 6.1.7600.16385 winrssrv winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API winscard.dll 6.1.7601.17514 Microsoft Smart Card API winshfhc.dll 6.1.7600.16385 File Risk Estimation winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY winsta.dll 6.1.7601.17514 Winstation Library winsync.dll 2007.94.7600.16385 Synchronization Framework winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework wintrust.dll 6.1.7601.17514 Microsoft Trust Verification APIs winusb.dll 6.1.7600.16385 Windows USB Driver User Library wkscli.dll 6.1.7601.17514 Workstation Service Client DLL wksprtps.dll 6.1.7600.16385 WorkspaceRuntime ProxyStub DLL wlanapi.dll 6.1.7600.16385 Windows WLAN AutoConfig Client Side API DLL wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in wlanhlp.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Client Side Helper API wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers wlanmsm.dll 6.1.7601.17514 Windows Wireless LAN 802.11 MSM DLL wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks wlansec.dll 6.1.7600.16385 Windows Wireless LAN 802.11 MSM Security Module DLL wlanui.dll 6.1.7601.17514 Wireless Profile UI wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL wldap32.dll 6.1.7601.17514 Win32 LDAP API DLL wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL wmadmod.dll 6.1.7601.17514 Windows Media Audio Decoder wmadmoe.dll 6.1.7600.16385 Windows Media Audio 10 Encoder/Transcoder wmasf.dll 12.0.7600.16385 Windows Media ASF DLL wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL wmdrmsdk.dll 11.0.7601.17514 Windows Media DRM SDK DLL wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English) wmi.dll 6.1.7600.16385 WMI DC and DP functionality wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL wmp.dll 12.0.7601.17514 Windows Media Player wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer wmpdui.dll 12.0.7600.16385 Windows Media Player UI Engine wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module wmphoto.dll 6.1.7601.17514 Windows Media Photo Codec wmploc.dll 12.0.7601.17514 Windows Media Player Resources wmpmde.dll 12.0.7601.17514 WMPMDE DLL wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client wmspdmod.dll 6.1.7601.17514 Windows Media Audio Voice Decoder wmspdmoe.dll 6.1.7600.16385 Windows Media Audio Voice Encoder wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL wmvdecod.dll 6.1.7601.17514 Windows Media Video Decoder wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced wmvencod.dll 6.1.7600.16385 Windows Media Video 9 Encoder wmvsdecd.dll 6.1.7601.17514 Windows Media Screen Decoder wmvsencd.dll 6.1.7600.16385 Windows Media Screen Encoder wmvxencd.dll 6.1.7600.16385 Windows Media Video Encoder wow32.dll 6.1.7601.17651 Wow32 wpc.dll 1.0.0.1 WPC Settings Library wpcao.dll 6.1.7600.16385 WPC Administrator Override wpcsvc.dll 1.0.0.1 WPC Filtering Service wpdshext.dll 6.1.7601.17514 Portable Devices Shell Extension wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard ws2_32.dll 6.1.7601.17514 Windows Socket 2.0 32-Bit DLL ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT wscapi.dll 6.1.7601.17514 Windows Security Center API wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL wsdchngr.dll 6.1.7601.17514 WSD Challenge Component wsecedit.dll 6.1.7600.16385 Security Configuration UI Module wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6) wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL wshrm.dll 6.1.7600.16385 Windows Sockets Helper DLL for PGM wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4) wsmanmigrationplugin.dll 6.1.7600.16385 WinRM Migration Plugin wsmauto.dll 6.1.7600.16385 WSMAN Automation wsmplpxy.dll 6.1.7600.16385 wsmplpxy wsmres.dll 6.1.7600.16385 WSMan Resource DLL wsmsvc.dll 6.1.7601.17514 WSMan Service wsmwmipl.dll 6.1.7600.16385 WSMAN WMI Provider wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs wuapi.dll 7.5.7601.17514 Windows Update Client API wudriver.dll 7.5.7601.17514 Windows Update WUDriver Stub wups.dll 7.5.7601.17514 Windows Update client proxy stub wuwebv.dll 7.5.7601.17514 Windows Update Vista Web Control wvc.dll 6.1.7601.17514 Windows Visual Components wwanapi.dll 6.1.7600.16385 Mbnapi wwapi.dll 8.1.2.0 WWAN API wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee xapofx1_3.dll 9.26.1590.0 Audio Effect Library xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller xmlfilter.dll 2008.0.7600.16385 XML Filter xmllite.dll 1.3.1001.0 Microsoft XmlLite Library xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API xmlrw.dll 2.0.3609.0 Microsoft XML Slim Library xmlrwbin.dll 2.0.3609.0 Microsoft XML Slim Library xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter xpsgdiconverter.dll 6.1.7601.17566 XPS to GDI Converter xpsprint.dll 6.1.7601.17537 XPS Printing DLL xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32 zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders --------[ UpTime ]------------------------------------------------------------------------------------------------------ Current Session: Last Shutdown Time 30/11/2012 12:26:31 PM Last Boot Time 30/11/2012 3:21:02 PM Current Time 30/11/2012 3:33:55 PM UpTime 788 sec (0 days, 0 hours, 13 min, 8 sec) UpTime Statistics: First Boot Time 25/11/2012 5:30:16 PM First Shutdown Time 25/11/2012 5:29:15 PM Total UpTime 72466 sec (0 days, 20 hours, 7 min, 46 sec) Total DownTime 356997 sec (4 days, 3 hours, 9 min, 57 sec) Longest UpTime 46475 sec (0 days, 12 hours, 54 min, 35 sec) Longest DownTime 227344 sec (2 days, 15 hours, 9 min, 4 sec) Total Reboots 27 System Availability 16.87% Bluescreen Statistics: Total Bluescreens 0 Information: Information The above statistics are based on System Event Log entries --------[ Share ]------------------------------------------------------------------------------------------------------- ADMIN$ Folder Remote Admin C:\Windows C$ Folder Default share C:\ D$ Folder Default share D:\ IPC$ IPC Remote IPC --------[ Account Security ]-------------------------------------------------------------------------------------------- Account Security Properties: Computer Role Primary Domain Name user-PC Primary Domain Controller Not Specified Forced Logoff Time Disabled Min / Max Password Age 0 / 42 days Minimum Password Length 0 chars Password History Length Disabled Lockout Threshold Disabled Lockout Duration 30 min Lockout Observation Window 30 min --------[ Logon ]------------------------------------------------------------------------------------------------------- UpdatusUser UpdatusUser USER-PC user-PC user USER-PC user-PC user USER-PC user-PC --------[ Users ]------------------------------------------------------------------------------------------------------- [ Administrator ] User Properties: User Name Administrator Full Name Administrator Comment Built-in account for administering the computer/domain Member Of Groups Administrators Logon Count 25 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ Guest ] User Properties: User Name Guest Full Name Guest Comment Built-in account for guest access to the computer/domain Member Of Groups Guests Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required No Read-Only Password Yes Password Never Expires Yes [ UpdatusUser ] User Properties: User Name UpdatusUser Full Name UpdatusUser Comment Used to provide NVIDIA software updates Logon Count 24 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ user ] User Properties: User Name user Full Name user Member Of Groups Administrators Logon Count 29 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required No Read-Only Password No Password Never Expires Yes --------[ Local Groups ]------------------------------------------------------------------------------------------------ [ Administrators ] Local Group Properties: Comment Administrators have complete and unrestricted access to the computer/domain Group Members: Administrator user [ Distributed COM Users ] Local Group Properties: Comment Members are allowed to launch, activate and use Distributed COM objects on this machine. [ Event Log Readers ] Local Group Properties: Comment Members of this group can read event logs from local machine [ Guests ] Local Group Properties: Comment Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted Group Members: Guest [ IIS_IUSRS ] Local Group Properties: Comment Built-in group used by Internet Information Services. Group Members: IUSR [ Performance Log Users ] Local Group Properties: Comment Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer [ Performance Monitor Users ] Local Group Properties: Comment Members of this group can access performance counter data locally and remotely [ Users ] Local Group Properties: Comment Users are prevented from making accidental or intentional system-wide changes and can run most applications Group Members: Authenticated Users INTERACTIVE --------[ Global Groups ]----------------------------------------------------------------------------------------------- [ None ] Global Group Properties: Comment Ordinary users Group Members: Administrator Guest UpdatusUser UpdatusUser user --------[ Windows Video ]----------------------------------------------------------------------------------------------- [ Intel(R) HD Graphics Family ] Video Adapter Properties: Device Description Intel(R) HD Graphics Family Adapter String Intel(R) HD Graphics 3000 BIOS String Intel Video BIOS Chip Type Intel(R) HD Graphics Family DAC Type Internal Driver Date 26/3/2011 Driver Version 8.15.10.2345 Driver Provider Intel Corporation Memory Size 1869408 KB Installed Drivers: igdumd64 8.15.10.2345 igd10umd64 8.15.10.2345 igd10umd64 8.15.10.2345 igdumdx32 8.15.10.2345 igd10umd32 8.15.10.2345 igd10umd32 8.15.10.2345 Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ Intel(R) HD Graphics Family ] Video Adapter Properties: Device Description Intel(R) HD Graphics Family Adapter String Intel(R) HD Graphics 3000 BIOS String Intel Video BIOS Chip Type Intel(R) HD Graphics Family DAC Type Internal Driver Date 26/3/2011 Driver Version 8.15.10.2345 Driver Provider Intel Corporation Memory Size 1869408 KB Installed Drivers: igdumd64 8.15.10.2345 igd10umd64 8.15.10.2345 igd10umd64 8.15.10.2345 igdumdx32 8.15.10.2345 igd10umd32 8.15.10.2345 igd10umd32 8.15.10.2345 Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ NVIDIA GeForce 610M ] Video Adapter Properties: Device Description NVIDIA GeForce 610M Adapter String GeForce 610M BIOS String Version 70.8.7d.0.3 Chip Type GeForce 610M DAC Type Integrated RAMDAC Driver Date 27/11/2011 Driver Version 8.17.12.8590 - nVIDIA ForceWare 285.90 Driver Provider NVIDIA Memory Size 1024 MB Installed Drivers: nvd3dumx 8.17.12.8590 nvwgf2umx 8.17.12.8590 nvwgf2umx 8.17.12.8590 nvd3dum 8.17.12.8590 - nVIDIA ForceWare 285.90 nvwgf2um 8.17.12.8590 nvwgf2um 8.17.12.8590 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ NVIDIA GeForce 610M ] Video Adapter Properties: Device Description NVIDIA GeForce 610M Adapter String GeForce 610M BIOS String Version 70.8.7d.0.3 Chip Type GeForce 610M DAC Type Integrated RAMDAC Driver Date 27/11/2011 Driver Version 8.17.12.8590 - nVIDIA ForceWare 285.90 Driver Provider NVIDIA Memory Size 1024 MB Installed Drivers: nvd3dumx 8.17.12.8590 nvwgf2umx 8.17.12.8590 nvwgf2umx 8.17.12.8590 nvd3dum 8.17.12.8590 - nVIDIA ForceWare 285.90 nvwgf2um 8.17.12.8590 nvwgf2um 8.17.12.8590 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ PCI / AGP Video ]--------------------------------------------------------------------------------------------- Intel HD Graphics 3000 Video Adapter Intel HD Graphics 3000 3D Accelerator --------[ GPU ]--------------------------------------------------------------------------------------------------------- [ Integrated: Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) ] Graphics Processor Properties: Video Adapter Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) BIOS Version Build Number: snm21080.iev PC 14.34 03/07/2011 19:08:40 GPU Code Name Sandy Bridge-MB GT2 PCI Device 8086-0126 / 1025-0507 (Rev 09) Process Technology 32 nm Bus Type Integrated GPU Clock 650 MHz GPU Clock (Turbo) 650 - 1300 MHz RAMDAC Clock 350 MHz Pixel Pipelines 4 TMU Per Pipeline 1 Unified Shaders 48 (v4.1) DirectX Hardware Support DirectX v10.1 Pixel Fillrate 2600 MPixel/s Texel Fillrate 2600 MTexel/s Utilization: Dedicated Memory 8 MB Dynamic Memory 48 MB Graphics Processor Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ Monitor ]----------------------------------------------------------------------------------------------------- [ AU Optronics B140XW01 V8 ] Monitor Properties: Monitor Name AU Optronics B140XW01 V8 Monitor ID AUO183C Manufacturer AUO Model B140XW01 V8 Monitor Type 14" LCD (WXGA) Manufacture Date Week 1 / 2009 Serial Number None Max. Visible Display Size 31 cm x 17 cm (13.9") Picture Aspect Ratio 17:9 Horizontal Frequency 30 - 83 kHz Vertical Frequency 56 - 75 Hz Maximum Resolution 1366 x 768 Gamma 2.20 DPMS Mode Support None Supported Video Modes: 640 x 480 75 Hz 800 x 480 75 Hz 800 x 600 75 Hz 1024 x 600 75 Hz 1024 x 768 75 Hz 1280 x 720 75 Hz 1280 x 768 75 Hz 1366 x 768 75 Hz Monitor Manufacturer: Company Name AU Optronics Corp. Product Information http://www.auo.com/?sn=149&lang=en-US&c=33 Driver Download http://www.auo.com/?sn=171&lang=en-US Driver Update http://www.aida64.com/driver-updates --------[ Desktop ]----------------------------------------------------------------------------------------------------- Desktop Properties: Device Technology Raster Display Resolution 1366 x 768 Color Depth 32-bit Color Planes 1 Font Resolution 96 dpi Pixel Width / Height 36 / 36 Pixel Diagonal 51 Vertical Refresh Rate 60 Hz Desktop Wallpaper C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Desktop Effects: Combo-Box Animation Enabled Drop Shadow Effect Enabled Flat Menu Effect Enabled Font Smoothing Enabled ClearType Enabled Full Window Dragging Enabled Gradient Window Title Bars Enabled Hide Menu Access Keys Enabled Hot Tracking Effect Enabled Icon Title Wrapping Enabled List-Box Smooth Scrolling Enabled Menu Animation Enabled Menu Fade Effect Enabled Minimize/Restore Animation Enabled Mouse Cursor Shadow Enabled Selection Fade Effect Enabled ShowSounds Accessibility Feature Disabled ToolTip Animation Enabled ToolTip Fade Effect Enabled Windows Aero Enabled Windows Plus! Extension Disabled --------[ Multi-Monitor ]----------------------------------------------------------------------------------------------- \\.\DISPLAY1 Yes (0,0) (1366,768) --------[ Video Modes ]------------------------------------------------------------------------------------------------- 320 x 200 8-bit 60 Hz 320 x 200 8-bit 60 Hz 320 x 200 8-bit 60 Hz 320 x 200 16-bit 60 Hz 320 x 200 16-bit 60 Hz 320 x 200 16-bit 60 Hz 320 x 200 32-bit 60 Hz 320 x 200 32-bit 60 Hz 320 x 200 32-bit 60 Hz 320 x 240 8-bit 60 Hz 320 x 240 8-bit 60 Hz 320 x 240 8-bit 60 Hz 320 x 240 16-bit 60 Hz 320 x 240 16-bit 60 Hz 320 x 240 16-bit 60 Hz 320 x 240 32-bit 60 Hz 320 x 240 32-bit 60 Hz 320 x 240 32-bit 60 Hz 400 x 300 8-bit 60 Hz 400 x 300 8-bit 60 Hz 400 x 300 8-bit 60 Hz 400 x 300 16-bit 60 Hz 400 x 300 16-bit 60 Hz 400 x 300 16-bit 60 Hz 400 x 300 32-bit 60 Hz 400 x 300 32-bit 60 Hz 400 x 300 32-bit 60 Hz 512 x 384 8-bit 60 Hz 512 x 384 8-bit 60 Hz 512 x 384 8-bit 60 Hz 512 x 384 16-bit 60 Hz 512 x 384 16-bit 60 Hz 512 x 384 16-bit 60 Hz 512 x 384 32-bit 60 Hz 512 x 384 32-bit 60 Hz 512 x 384 32-bit 60 Hz 640 x 400 8-bit 60 Hz 640 x 400 8-bit 60 Hz 640 x 400 8-bit 60 Hz 640 x 400 16-bit 60 Hz 640 x 400 16-bit 60 Hz 640 x 400 16-bit 60 Hz 640 x 400 32-bit 60 Hz 640 x 400 32-bit 60 Hz 640 x 400 32-bit 60 Hz 640 x 480 8-bit 60 Hz 640 x 480 8-bit 60 Hz 640 x 480 8-bit 60 Hz 640 x 480 16-bit 60 Hz 640 x 480 16-bit 60 Hz 640 x 480 16-bit 60 Hz 640 x 480 32-bit 60 Hz 640 x 480 32-bit 60 Hz 640 x 480 32-bit 60 Hz 800 x 600 8-bit 60 Hz 800 x 600 8-bit 60 Hz 800 x 600 8-bit 60 Hz 800 x 600 16-bit 60 Hz 800 x 600 16-bit 60 Hz 800 x 600 16-bit 60 Hz 800 x 600 32-bit 60 Hz 800 x 600 32-bit 60 Hz 800 x 600 32-bit 60 Hz 1024 x 768 8-bit 60 Hz 1024 x 768 8-bit 60 Hz 1024 x 768 8-bit 60 Hz 1024 x 768 16-bit 60 Hz 1024 x 768 16-bit 60 Hz 1024 x 768 16-bit 60 Hz 1024 x 768 32-bit 60 Hz 1024 x 768 32-bit 60 Hz 1024 x 768 32-bit 60 Hz 1280 x 720 8-bit 60 Hz 1280 x 720 8-bit 60 Hz 1280 x 720 8-bit 60 Hz 1280 x 720 16-bit 60 Hz 1280 x 720 16-bit 60 Hz 1280 x 720 16-bit 60 Hz 1280 x 720 32-bit 60 Hz 1280 x 720 32-bit 60 Hz 1280 x 720 32-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 60 Hz 1366 x 768 8-bit 60 Hz 1366 x 768 16-bit 60 Hz 1366 x 768 32-bit 60 Hz --------[ OpenGL ]------------------------------------------------------------------------------------------------------ OpenGL Properties: Vendor Intel Renderer Intel(R) HD Graphics Family Version 3.1.0 - Build 8.15.10.2345 Shading Language Version 1.40 - Intel Build 8.15.10.2345 OpenGL DLL 6.1.7600.16385(win7_rtm.090713-1255) Multitexture Texture Units 8 Occlusion Query Counter Bits 64 Sub-Pixel Precision 4-bit Max Viewport Size 4096 x 4096 Max Cube Map Texture Size 4096 x 4096 Max Rectangle Texture Size 4096 x 4096 Max 3D Texture Size 256 x 256 x 256 Max Anisotropy 16 Max Clipping Planes 6 Max Display-List Nesting Level 64 Max Draw Buffers 8 Max Evaluator Order 32 Max Light Sources 8 Max Pixel Map Table Size 65536 Max Texture Array Layers 256 Max Texture LOD Bias 15 OpenGL Compliancy: OpenGL 1.1 Yes (100%) OpenGL 1.2 Yes (100%) OpenGL 1.3 Yes (100%) OpenGL 1.4 Yes (100%) OpenGL 1.5 Yes (100%) OpenGL 2.0 Yes (100%) OpenGL 2.1 Yes (100%) OpenGL 3.0 Yes (100%) OpenGL 3.1 Yes (100%) OpenGL 3.2 No (60%) OpenGL 3.3 No (10%) OpenGL 4.0 No (0%) OpenGL 4.1 No (0%) OpenGL 4.2 No (0%) OpenGL 4.3 No (0%) Max Stack Depth: Attribute Stack 16 Client Attribute Stack 16 Modelview Matrix Stack 32 Name Stack 128 Projection Matrix Stack 4 Texture Matrix Stack 10 Draw Range Elements: Max Index Count 1200 Max Vertex Count 1200 Transform Feedback: Max Interleaved Components 64 Max Separate Attributes 4 Max Separate Components 4 Framebuffer Object: Max Color Attachments 8 Max Render Buffer Size 4096 x 4096 Vertex Shader: Max Uniform Vertex Components 512 Max Varying Floats 41 Max Vertex Texture Image Units 16 Max Combined Texture Image Units 16 Fragment Shader: Max Uniform Fragment Components 1024 Vertex Program: Max Local Parameters 256 Max Environment Parameters 300 Max Program Matrices 8 Max Program Matrix Stack Depth 2 Max Vertex Attributes 16 Max Instructions 1024 Max Native Instructions 1024 Max Temporaries 31 Max Native Temporaries 31 Max Parameters 512 Max Native Parameters 400 Max Attributes 16 Max Native Attributes 16 Max Address Registers 1 Max Native Address Registers 1 Fragment Program: Max Local Parameters 256 Max Environment Parameters 256 Max Texture Coordinates 8 Max Texture Image Units 16 Max Instructions 1447 Max Native Instructions 1447 Max Temporaries 256 Max Native Temporaries 256 Max Parameters 512 Max Native Parameters 32 Max Attributes 13 Max Native Attributes 13 Max Address Registers 0 Max Native Address Registers 0 Max ALU Instructions 1447 Max Native ALU Instructions 1447 Max Texture Instructions 1447 Max Native Texture Instructions 1447 Max Texture Indirections 128 Max Native Texture Indirections 128 OpenGL Extensions: Total / Supported Extensions 767 / 115 GL_3DFX_multisample Not Supported GL_3DFX_tbuffer Not Supported GL_3DFX_texture_compression_FXT1 Supported GL_3DL_direct_texture_access2 Not Supported GL_3Dlabs_multisample_transparency_id Not Supported GL_3Dlabs_multisample_transparency_range Not Supported GL_AMD_blend_minmax_factor Not Supported GL_AMD_compressed_3DC_texture Not Supported GL_AMD_compressed_ATC_texture Not Supported GL_AMD_conservative_depth Not Supported GL_AMD_debug_output Not Supported GL_AMD_depth_clamp_separate Not Supported GL_AMD_draw_buffers_blend Not Supported GL_AMD_multi_draw_indirect Not Supported GL_AMD_name_gen_delete Not Supported GL_AMD_performance_monitor Not Supported GL_AMD_pinned_memory Not Supported GL_AMD_program_binary_Z400 Not Supported GL_AMD_query_buffer_object Not Supported GL_AMD_sample_positions Not Supported GL_AMD_seamless_cubemap_per_texture Not Supported GL_AMD_shader_stencil_export Not Supported GL_AMD_shader_stencil_value_export Not Supported GL_AMD_shader_trace Not Supported GL_AMD_sparse_texture Not Supported GL_AMD_stencil_operation_extended Not Supported GL_AMD_texture_compression_dxt6 Not Supported GL_AMD_texture_compression_dxt7 Not Supported GL_AMD_texture_cube_map_array Not Supported GL_AMD_texture_texture4 Not Supported GL_AMD_transform_feedback3_lines_triangles Not Supported GL_AMD_transform_feedback4 Not Supported GL_AMD_vertex_shader_layer Not Supported GL_AMD_vertex_shader_tessellator Not Supported GL_AMD_vertex_shader_viewport_index Not Supported GL_AMDX_debug_output Not Supported GL_AMDX_name_gen_delete Not Supported GL_AMDX_random_access_target Not Supported GL_AMDX_vertex_shader_tessellator Not Supported GL_ANGLE_framebuffer_blit Not Supported GL_ANGLE_framebuffer_multisample Not Supported GL_ANGLE_pack_reverse_row_order Not Supported GL_ANGLE_texture_compression_dxt3 Not Supported GL_ANGLE_texture_compression_dxt5 Not Supported GL_ANGLE_texture_usage Not Supported GL_ANGLE_translated_shader_source Not Supported GL_APPLE_aux_depth_stencil Not Supported GL_APPLE_client_storage Not Supported GL_APPLE_element_array Not Supported GL_APPLE_fence Not Supported GL_APPLE_float_pixels Not Supported GL_APPLE_flush_buffer_range Not Supported GL_APPLE_flush_render Not Supported GL_APPLE_framebuffer_multisample Not Supported GL_APPLE_object_purgeable Not Supported GL_APPLE_packed_pixel Not Supported GL_APPLE_packed_pixels Not Supported GL_APPLE_pixel_buffer Not Supported GL_APPLE_rgb_422 Not Supported GL_APPLE_specular_vector Not Supported GL_APPLE_texture_format_BGRA8888 Not Supported GL_APPLE_texture_max_level Not Supported GL_APPLE_texture_range Not Supported GL_APPLE_transform_hint Not Supported GL_APPLE_vertex_array_object Not Supported GL_APPLE_vertex_array_range Not Supported GL_APPLE_vertex_program_evaluators Not Supported GL_APPLE_ycbcr_422 Not Supported GL_ARB_arrays_of_arrays Not Supported GL_ARB_base_instance Not Supported GL_ARB_blend_func_extended Not Supported GL_ARB_clear_buffer_object Not Supported GL_ARB_color_buffer_float Supported GL_ARB_compatibility Supported GL_ARB_compressed_texture_pixel_storage Not Supported GL_ARB_compute_shader Not Supported GL_ARB_conservative_depth Not Supported GL_ARB_copy_buffer Supported GL_ARB_copy_image Not Supported GL_ARB_debug_group Not Supported GL_ARB_debug_label Not Supported GL_ARB_debug_output Not Supported GL_ARB_debug_output2 Not Supported GL_ARB_depth_buffer_float Supported GL_ARB_depth_clamp Supported GL_ARB_depth_texture Supported GL_ARB_draw_buffers Supported GL_ARB_draw_buffers_blend Not Supported GL_ARB_draw_elements_base_vertex Supported GL_ARB_draw_indirect Not Supported GL_ARB_draw_instanced Supported GL_ARB_ES2_compatibility Not Supported GL_ARB_ES3_compatibility Not Supported GL_ARB_explicit_attrib_location Not Supported GL_ARB_explicit_uniform_location Not Supported GL_ARB_fragment_coord_conventions Supported GL_ARB_fragment_layer_viewport Not Supported GL_ARB_fragment_program Supported GL_ARB_fragment_program_shadow Not Supported GL_ARB_fragment_shader Supported GL_ARB_framebuffer_no_attachments Not Supported GL_ARB_framebuffer_object Supported GL_ARB_framebuffer_sRGB Supported GL_ARB_geometry_shader4 Not Supported GL_ARB_get_program_binary Not Supported GL_ARB_gpu_shader_fp64 Not Supported GL_ARB_gpu_shader5 Not Supported GL_ARB_half_float_pixel Supported GL_ARB_half_float_vertex Supported GL_ARB_imaging Not Supported GL_ARB_instanced_arrays Not Supported GL_ARB_internalformat_query Not Supported GL_ARB_internalformat_query2 Not Supported GL_ARB_invalidate_subdata Not Supported GL_ARB_make_current_read Not Supported GL_ARB_map_buffer_alignment Not Supported GL_ARB_map_buffer_range Supported GL_ARB_matrix_palette Not Supported GL_ARB_multi_draw_indirect Not Supported GL_ARB_multisample Supported GL_ARB_multitexture Supported GL_ARB_occlusion_query Supported GL_ARB_occlusion_query2 Not Supported GL_ARB_pixel_buffer_object Supported GL_ARB_point_parameters Supported GL_ARB_point_sprite Supported GL_ARB_program_interface_query Not Supported GL_ARB_provoking_vertex Not Supported GL_ARB_robust_buffer_access_behavior Not Supported GL_ARB_robustness Not Supported GL_ARB_robustness_isolation Not Supported GL_ARB_sample_shading Not Supported GL_ARB_sampler_objects Supported GL_ARB_seamless_cube_map Supported GL_ARB_separate_shader_objects Not Supported GL_ARB_shader_atomic_counters Not Supported GL_ARB_shader_bit_encoding Not Supported GL_ARB_shader_image_load_store Not Supported GL_ARB_shader_image_size Not Supported GL_ARB_shader_objects Supported GL_ARB_shader_precision Not Supported GL_ARB_shader_stencil_export Not Supported GL_ARB_shader_storage_buffer_object Not Supported GL_ARB_shader_subroutine Not Supported GL_ARB_shader_texture_lod Not Supported GL_ARB_shading_language_100 Supported GL_ARB_shading_language_120 Not Supported GL_ARB_shading_language_420pack Not Supported GL_ARB_shading_language_include Not Supported GL_ARB_shading_language_packing Not Supported GL_ARB_shadow Supported GL_ARB_shadow_ambient Not Supported GL_ARB_stencil_texturing Not Supported GL_ARB_swap_buffers Not Supported GL_ARB_sync Supported GL_ARB_tessellation_shader Not Supported GL_ARB_texture_border_clamp Supported GL_ARB_texture_buffer_object Not Supported GL_ARB_texture_buffer_object_rgb32 Not Supported GL_ARB_texture_buffer_range Not Supported GL_ARB_texture_compression Supported GL_ARB_texture_compression_bptc Not Supported GL_ARB_texture_compression_rgtc Supported GL_ARB_texture_compression_rtgc Not Supported GL_ARB_texture_cube_map Supported GL_ARB_texture_cube_map_array Not Supported GL_ARB_texture_env_add Supported GL_ARB_texture_env_combine Supported GL_ARB_texture_env_crossbar Supported GL_ARB_texture_env_dot3 Supported GL_ARB_texture_float Supported GL_ARB_texture_gather Not Supported GL_ARB_texture_mirrored_repeat Not Supported GL_ARB_texture_multisample Not Supported GL_ARB_texture_non_power_of_two Supported GL_ARB_texture_query_levels Not Supported GL_ARB_texture_query_lod Not Supported GL_ARB_texture_rectangle Supported GL_ARB_texture_rg Supported GL_ARB_texture_rgb10_a2ui Not Supported GL_ARB_texture_snorm Not Supported GL_ARB_texture_storage Not Supported GL_ARB_texture_storage_multisample Not Supported GL_ARB_texture_swizzle Not Supported GL_ARB_texture_view Not Supported GL_ARB_timer_query Not Supported GL_ARB_transform_feedback_instanced Not Supported GL_ARB_transform_feedback2 Not Supported GL_ARB_transform_feedback3 Not Supported GL_ARB_transpose_matrix Supported GL_ARB_uber_buffers Not Supported GL_ARB_uber_mem_image Not Supported GL_ARB_uber_vertex_array Not Supported GL_ARB_uniform_buffer_object Supported GL_ARB_vertex_array_bgra Supported GL_ARB_vertex_array_object Supported GL_ARB_vertex_attrib_64bit Not Supported GL_ARB_vertex_attrib_binding Not Supported GL_ARB_vertex_blend Not Supported GL_ARB_vertex_buffer_object Supported GL_ARB_vertex_program Supported GL_ARB_vertex_shader Supported GL_ARB_vertex_type_2_10_10_10_rev Not Supported GL_ARB_viewport_array Not Supported GL_ARB_window_pos Supported GL_ARM_mali_shader_binary Not Supported GL_ARM_rgba8 Not Supported GL_ATI_array_rev_comps_in_4_bytes Not Supported GL_ATI_blend_equation_separate Not Supported GL_ATI_blend_weighted_minmax Not Supported GL_ATI_draw_buffers Not Supported GL_ATI_element_array Not Supported GL_ATI_envmap_bumpmap Not Supported GL_ATI_fragment_shader Not Supported GL_ATI_lock_texture Not Supported GL_ATI_map_object_buffer Not Supported GL_ATI_meminfo Not Supported GL_ATI_pixel_format_float Not Supported GL_ATI_pn_triangles Not Supported GL_ATI_point_cull_mode Not Supported GL_ATI_separate_stencil Supported GL_ATI_shader_texture_lod Not Supported GL_ATI_text_fragment_shader Not Supported GL_ATI_texture_compression_3dc Not Supported GL_ATI_texture_env_combine3 Not Supported GL_ATI_texture_float Not Supported GL_ATI_texture_mirror_once Not Supported GL_ATI_vertex_array_object Not Supported GL_ATI_vertex_attrib_array_object Not Supported GL_ATI_vertex_blend Not Supported GL_ATI_vertex_shader Not Supported GL_ATI_vertex_streams Not Supported GL_ATIX_pn_triangles Not Supported GL_ATIX_texture_env_combine3 Not Supported GL_ATIX_texture_env_route Not Supported GL_ATIX_vertex_shader_output_point_size Not Supported GL_Autodesk_facet_normal Not Supported GL_Autodesk_valid_back_buffer_hint Not Supported GL_DIMD_YUV Not Supported GL_EXT_422_pixels Not Supported GL_EXT_abgr Supported GL_EXT_bgra Supported GL_EXT_bindable_uniform Not Supported GL_EXT_blend_color Supported GL_EXT_blend_equation_separate Supported GL_EXT_blend_func_separate Supported GL_EXT_blend_logic_op Not Supported GL_EXT_blend_minmax Supported GL_EXT_blend_subtract Supported GL_EXT_Cg_shader Not Supported GL_EXT_clip_volume_hint Supported GL_EXT_cmyka Not Supported GL_EXT_color_matrix Not Supported GL_EXT_color_subtable Not Supported GL_EXT_color_table Not Supported GL_EXT_compiled_vertex_array Supported GL_EXT_convolution Not Supported GL_EXT_convolution_border_modes Not Supported GL_EXT_coordinate_frame Not Supported GL_EXT_copy_buffer Not Supported GL_EXT_copy_texture Not Supported GL_EXT_cull_vertex Not Supported GL_EXT_depth_bounds_test Not Supported GL_EXT_depth_buffer_float Not Supported GL_EXT_direct_state_access Not Supported GL_EXT_discard_framebuffer Not Supported GL_EXT_draw_buffers2 Supported GL_EXT_draw_indirect Not Supported GL_EXT_draw_instanced Not Supported GL_EXT_draw_range_elements Supported GL_EXT_fog_coord Supported GL_EXT_fog_function Not Supported GL_EXT_fog_offset Not Supported GL_EXT_fragment_lighting Not Supported GL_EXT_framebuffer_blit Supported GL_EXT_framebuffer_multisample Supported GL_EXT_framebuffer_object Supported GL_EXT_framebuffer_sRGB Not Supported GL_EXT_generate_mipmap Not Supported GL_EXT_geometry_shader4 Not Supported GL_EXT_gpu_program_parameters Supported GL_EXT_gpu_shader_fp64 Not Supported GL_EXT_gpu_shader4 Not Supported GL_EXT_gpu_shader5 Not Supported GL_EXT_histogram Not Supported GL_EXT_import_sync_object Not Supported GL_EXT_index_array_formats Not Supported GL_EXT_index_func Not Supported GL_EXT_index_material Not Supported GL_EXT_index_texture Not Supported GL_EXT_interlace Not Supported GL_EXT_light_texture Not Supported GL_EXT_misc_attribute Not Supported GL_EXT_multi_draw_arrays Supported GL_EXT_multisample Not Supported GL_EXT_occlusion_query_boolean Not Supported GL_EXT_packed_depth_stencil Supported GL_EXT_packed_float Supported GL_EXT_packed_pixels Supported GL_EXT_packed_pixels_12 Not Supported GL_EXT_paletted_texture Not Supported GL_EXT_pixel_buffer_object Not Supported GL_EXT_pixel_format Not Supported GL_EXT_pixel_texture Not Supported GL_EXT_pixel_transform Not Supported GL_EXT_pixel_transform_color_table Not Supported GL_EXT_point_parameters Not Supported GL_EXT_polygon_offset Not Supported GL_EXT_provoking_vertex Not Supported GL_EXT_read_format_bgra Not Supported GL_EXT_rescale_normal Supported GL_EXT_robustness Not Supported GL_EXT_scene_marker Not Supported GL_EXT_secondary_color Supported GL_EXT_separate_shader_objects Not Supported GL_EXT_separate_specular_color Supported GL_EXT_shader_atomic_counters Not Supported GL_EXT_shader_image_load_store Not Supported GL_EXT_shader_subroutine Not Supported GL_EXT_shader_texture_lod Not Supported GL_EXT_shadow_funcs Supported GL_EXT_shared_texture_palette Not Supported GL_EXT_static_vertex_array Not Supported GL_EXT_stencil_clear_tag Not Supported GL_EXT_stencil_two_side Supported GL_EXT_stencil_wrap Supported GL_EXT_subtexture Not Supported GL_EXT_swap_control Not Supported GL_EXT_tessellation_shader Not Supported GL_EXT_texgen_reflection Not Supported GL_EXT_texture Not Supported GL_EXT_texture_array Supported GL_EXT_texture_border_clamp Not Supported GL_EXT_texture_buffer_object Not Supported GL_EXT_texture_buffer_object_rgb32 Not Supported GL_EXT_texture_color_table Not Supported GL_EXT_texture_compression_bptc Not Supported GL_EXT_texture_compression_dxt1 Not Supported GL_EXT_texture_compression_latc Not Supported GL_EXT_texture_compression_rgtc Not Supported GL_EXT_texture_compression_s3tc Supported GL_EXT_texture_cube_map Not Supported GL_EXT_texture_edge_clamp Supported GL_EXT_texture_env Not Supported GL_EXT_texture_env_add Supported GL_EXT_texture_env_combine Supported GL_EXT_texture_env_dot3 Not Supported GL_EXT_texture_filter_anisotropic Supported GL_EXT_texture_format_BGRA8888 Not Supported GL_EXT_texture_integer Supported GL_EXT_texture_lod Not Supported GL_EXT_texture_lod_bias Supported GL_EXT_texture_mirror_clamp Not Supported GL_EXT_texture_object Not Supported GL_EXT_texture_perturb_normal Not Supported GL_EXT_texture_rectangle Supported GL_EXT_texture_shared_exponent Supported GL_EXT_texture_snorm Supported GL_EXT_texture_sRGB Supported GL_EXT_texture_sRGB_decode Not Supported GL_EXT_texture_storage Not Supported GL_EXT_texture_swizzle Supported GL_EXT_texture_type_2_10_10_10_REV Not Supported GL_EXT_texture3D Supported GL_EXT_texture4D Not Supported GL_EXT_timer_query Not Supported GL_EXT_transform_feedback Supported GL_EXT_transform_feedback2 Not Supported GL_EXT_transform_feedback3 Not Supported GL_EXT_vertex_array Not Supported GL_EXT_vertex_array_bgra Not Supported GL_EXT_vertex_array_set Not Supported GL_EXT_vertex_array_setXXX Not Supported GL_EXT_vertex_attrib_64bit Not Supported GL_EXT_vertex_shader Not Supported GL_EXT_vertex_weighting Not Supported GL_EXTX_framebuffer_mixed_formats Not Supported GL_EXTX_packed_depth_stencil Not Supported GL_FGL_lock_texture Not Supported GL_GL2_geometry_shader Not Supported GL_GREMEDY_frame_terminator Not Supported GL_GREMEDY_string_marker Not Supported GL_HP_convolution_border_modes Not Supported GL_HP_image_transform Not Supported GL_HP_occlusion_test Not Supported GL_HP_texture_lighting Not Supported GL_I3D_argb Not Supported GL_I3D_color_clamp Not Supported GL_I3D_interlace_read Not Supported GL_IBM_clip_check Not Supported GL_IBM_cull_vertex Not Supported GL_IBM_load_named_matrix Not Supported GL_IBM_multi_draw_arrays Not Supported GL_IBM_multimode_draw_arrays Not Supported GL_IBM_occlusion_cull Not Supported GL_IBM_pixel_filter_hint Not Supported GL_IBM_rasterpos_clip Not Supported GL_IBM_rescale_normal Not Supported GL_IBM_static_data Not Supported GL_IBM_texture_clamp_nodraw Not Supported GL_IBM_texture_mirrored_repeat Supported GL_IBM_vertex_array_lists Not Supported GL_IBM_YCbCr Not Supported GL_IMG_multisampled_render_to_texture Not Supported GL_IMG_program_binary Not Supported GL_IMG_read_format Not Supported GL_IMG_shader_binary Not Supported GL_IMG_texture_compression_pvrtc Not Supported GL_IMG_texture_env_enhanced_fixed_function Not Supported GL_IMG_texture_format_BGRA8888 Not Supported GL_IMG_user_clip_planes Not Supported GL_IMG_vertex_program Not Supported GL_INGR_blend_func_separate Not Supported GL_INGR_color_clamp Not Supported GL_INGR_interlace_read Not Supported GL_INGR_multiple_palette Not Supported GL_INTEL_parallel_arrays Not Supported GL_INTEL_performance_queries Supported GL_INTEL_texture_scissor Not Supported GL_KHR_debug Not Supported GL_KTX_buffer_region Not Supported GL_MESA_pack_invert Not Supported GL_MESA_program_debug Not Supported GL_MESA_resize_buffers Not Supported GL_MESA_window_pos Not Supported GL_MESA_ycbcr_texture Not Supported GL_MESAX_texture_stack Not Supported GL_MTX_fragment_shader Not Supported GL_MTX_precision_dpi Not Supported GL_NV_alpha_test Not Supported GL_NV_bindless_texture Not Supported GL_NV_blend_minmax Not Supported GL_NV_blend_square Supported GL_NV_centroid_sample Not Supported GL_NV_complex_primitives Not Supported GL_NV_compute_program5 Not Supported GL_NV_conditional_render Supported GL_NV_copy_depth_to_color Not Supported GL_NV_copy_image Not Supported GL_NV_coverage_sample Not Supported GL_NV_depth_buffer_float Not Supported GL_NV_depth_clamp Not Supported GL_NV_depth_nonlinear Not Supported GL_NV_depth_range_unclamped Not Supported GL_NV_ES1_1_compatibility Not Supported GL_NV_evaluators Not Supported GL_NV_explicit_multisample Not Supported GL_NV_fbo_color_attachments Not Supported GL_NV_fence Not Supported GL_NV_float_buffer Not Supported GL_NV_fog_distance Not Supported GL_NV_fragdepth Not Supported GL_NV_fragment_program Not Supported GL_NV_fragment_program_option Not Supported GL_NV_fragment_program2 Not Supported GL_NV_fragment_program4 Not Supported GL_NV_framebuffer_multisample_coverage Not Supported GL_NV_framebuffer_multisample_ex Not Supported GL_NV_geometry_program4 Not Supported GL_NV_geometry_shader4 Not Supported GL_NV_gpu_program_fp64 Not Supported GL_NV_gpu_program4 Not Supported GL_NV_gpu_program4_1 Not Supported GL_NV_gpu_program5 Not Supported GL_NV_gpu_shader5 Not Supported GL_NV_half_float Not Supported GL_NV_light_max_exponent Not Supported GL_NV_multisample_coverage Not Supported GL_NV_multisample_filter_hint Not Supported GL_NV_occlusion_query Not Supported GL_NV_packed_depth_stencil Not Supported GL_NV_parameter_buffer_object Not Supported GL_NV_parameter_buffer_object2 Not Supported GL_NV_path_rendering Not Supported GL_NV_pixel_buffer_object Not Supported GL_NV_pixel_data_range Not Supported GL_NV_point_sprite Not Supported GL_NV_present_video Not Supported GL_NV_primitive_restart Supported GL_NV_register_combiners Not Supported GL_NV_register_combiners2 Not Supported GL_NV_shader_atomic_counters Not Supported GL_NV_shader_atomic_float Not Supported GL_NV_shader_buffer_load Not Supported GL_NV_shader_buffer_store Not Supported GL_NV_shader_storage_buffer_object Not Supported GL_NV_tessellation_program5 Not Supported GL_NV_texgen_emboss Not Supported GL_NV_texgen_reflection Supported GL_NV_texture_barrier Not Supported GL_NV_texture_compression_latc Not Supported GL_NV_texture_compression_vtc Not Supported GL_NV_texture_env_combine4 Not Supported GL_NV_texture_expand_normal Not Supported GL_NV_texture_lod_clamp Not Supported GL_NV_texture_multisample Not Supported GL_NV_texture_rectangle Not Supported GL_NV_texture_shader Not Supported GL_NV_texture_shader2 Not Supported GL_NV_texture_shader3 Not Supported GL_NV_timer_query Not Supported GL_NV_transform_feedback Not Supported GL_NV_transform_feedback2 Not Supported GL_NV_vdpau_interop Not Supported GL_NV_vertex_array_range Not Supported GL_NV_vertex_array_range2 Not Supported GL_NV_vertex_attrib_64bit Not Supported GL_NV_vertex_attrib_integer_64bit Not Supported GL_NV_vertex_buffer_unified_memory Not Supported GL_NV_vertex_program Not Supported GL_NV_vertex_program1_1 Not Supported GL_NV_vertex_program2 Not Supported GL_NV_vertex_program2_option Not Supported GL_NV_vertex_program3 Not Supported GL_NV_vertex_program4 Not Supported GL_NVX_conditional_render Not Supported GL_NVX_flush_hold Not Supported GL_NVX_gpu_memory_info Not Supported GL_NVX_instanced_arrays Not Supported GL_NVX_ycrcb Not Supported GL_OES_blend_subtract Not Supported GL_OES_byte_coordinates Not Supported GL_OES_compressed_EAC_R11_signed_texture Not Supported GL_OES_compressed_EAC_R11_unsigned_texture Not Supported GL_OES_compressed_EAC_RG11_signed_texture Not Supported GL_OES_compressed_EAC_RG11_unsigned_texture Not Supported GL_OES_compressed_ETC1_RGB8_texture Not Supported GL_OES_compressed_ETC2_punchthroughA_RGBA8_textureNot Supported GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_textureNot Supported GL_OES_compressed_ETC2_RGB8_texture Not Supported GL_OES_compressed_ETC2_RGBA8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_alpha8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_texture Not Supported GL_OES_compressed_paletted_texture Not Supported GL_OES_conditional_query Not Supported GL_OES_depth_texture Not Supported GL_OES_depth24 Not Supported GL_OES_depth32 Not Supported GL_OES_draw_texture Not Supported GL_OES_EGL_image Not Supported GL_OES_element_index_uint Not Supported GL_OES_fbo_render_mipmap Not Supported GL_OES_fixed_point Not Supported GL_OES_fragment_precision_high Not Supported GL_OES_framebuffer_object Not Supported GL_OES_get_program_binary Not Supported GL_OES_mapbuffer Not Supported GL_OES_matrix_get Not Supported GL_OES_matrix_palette Not Supported GL_OES_packed_depth_stencil Not Supported GL_OES_point_size_array Not Supported GL_OES_point_sprite Not Supported GL_OES_query_matrix Not Supported GL_OES_read_format Not Supported GL_OES_rgb8_rgba8 Not Supported GL_OES_single_precision Not Supported GL_OES_standard_derivatives Not Supported GL_OES_stencil1 Not Supported GL_OES_stencil4 Not Supported GL_OES_texture_3D Not Supported GL_OES_texture_float Not Supported GL_OES_texture_float_linear Not Supported GL_OES_texture_half_float Not Supported GL_OES_texture_half_float_linear Not Supported GL_OES_texture_mirrored_repeat Not Supported GL_OES_texture_npot Not Supported GL_OES_vertex_array_object Not Supported GL_OES_vertex_half_float Not Supported GL_OES_vertex_type_10_10_10_2 Not Supported GL_OML_interlace Not Supported GL_OML_resample Not Supported GL_OML_subsample Not Supported GL_PGI_misc_hints Not Supported GL_PGI_vertex_hints Not Supported GL_QCOM_driver_control Not Supported GL_QCOM_extended_get2 Not Supported GL_QCOM_perfmon_global_mode Not Supported GL_QCOM_tiled_rendering Not Supported GL_QCOM_writeonly_rendering Not Supported GL_REND_screen_coordinates Not Supported GL_S3_performance_analyzer Not Supported GL_S3_s3tc Not Supported GL_SGI_color_matrix Not Supported GL_SGI_color_table Not Supported GL_SGI_compiled_vertex_array Not Supported GL_SGI_cull_vertex Not Supported GL_SGI_index_array_formats Not Supported GL_SGI_index_func Not Supported GL_SGI_index_material Not Supported GL_SGI_index_texture Not Supported GL_SGI_make_current_read Not Supported GL_SGI_texture_add_env Not Supported GL_SGI_texture_color_table Not Supported GL_SGI_texture_edge_clamp Not Supported GL_SGI_texture_lod Not Supported GL_SGIS_color_range Not Supported GL_SGIS_detail_texture Not Supported GL_SGIS_fog_function Not Supported GL_SGIS_generate_mipmap Supported GL_SGIS_multisample Not Supported GL_SGIS_multitexture Not Supported GL_SGIS_pixel_texture Not Supported GL_SGIS_point_line_texgen Not Supported GL_SGIS_sharpen_texture Not Supported GL_SGIS_texture_border_clamp Not Supported GL_SGIS_texture_color_mask Not Supported GL_SGIS_texture_edge_clamp Supported GL_SGIS_texture_filter4 Not Supported GL_SGIS_texture_lod Supported GL_SGIS_texture_select Not Supported GL_SGIS_texture4D Not Supported GL_SGIX_async Not Supported GL_SGIX_async_histogram Not Supported GL_SGIX_async_pixel Not Supported GL_SGIX_blend_alpha_minmax Not Supported GL_SGIX_clipmap Not Supported GL_SGIX_convolution_accuracy Not Supported GL_SGIX_depth_pass_instrument Not Supported GL_SGIX_depth_texture Not Supported GL_SGIX_flush_raster Not Supported GL_SGIX_fog_offset Not Supported GL_SGIX_fog_texture Not Supported GL_SGIX_fragment_specular_lighting Not Supported GL_SGIX_framezoom Not Supported GL_SGIX_instruments Not Supported GL_SGIX_interlace Not Supported GL_SGIX_ir_instrument1 Not Supported GL_SGIX_list_priority Not Supported GL_SGIX_pbuffer Not Supported GL_SGIX_pixel_texture Not Supported GL_SGIX_pixel_texture_bits Not Supported GL_SGIX_reference_plane Not Supported GL_SGIX_resample Not Supported GL_SGIX_shadow Not Supported GL_SGIX_shadow_ambient Not Supported GL_SGIX_sprite Not Supported GL_SGIX_subsample Not Supported GL_SGIX_tag_sample_buffer Not Supported GL_SGIX_texture_add_env Not Supported GL_SGIX_texture_coordinate_clamp Not Supported GL_SGIX_texture_lod_bias Not Supported GL_SGIX_texture_multi_buffer Not Supported GL_SGIX_texture_range Not Supported GL_SGIX_texture_scale_bias Not Supported GL_SGIX_vertex_preclip Not Supported GL_SGIX_vertex_preclip_hint Not Supported GL_SGIX_ycrcb Not Supported GL_SGIX_ycrcb_subsample Not Supported GL_SUN_convolution_border_modes Not Supported GL_SUN_global_alpha Not Supported GL_SUN_mesh_array Not Supported GL_SUN_multi_draw_arrays Not Supported GL_SUN_read_video_pixels Not Supported GL_SUN_slice_accum Not Supported GL_SUN_triangle_list Not Supported GL_SUN_vertex Not Supported GL_SUNX_constant_data Not Supported GL_WGL_ARB_extensions_string Not Supported GL_WGL_EXT_extensions_string Not Supported GL_WGL_EXT_swap_control Not Supported GL_WIN_phong_shading Not Supported GL_WIN_specular_fog Not Supported GL_WIN_swap_hint Supported GLU_EXT_nurbs_tessellator Not Supported GLU_EXT_object_space_tess Not Supported GLU_SGI_filter4_parameters Not Supported GLX_ARB_create_context Not Supported GLX_ARB_fbconfig_float Not Supported GLX_ARB_framebuffer_sRGB Not Supported GLX_ARB_get_proc_address Not Supported GLX_ARB_multisample Not Supported GLX_EXT_fbconfig_packed_float Not Supported GLX_EXT_framebuffer_sRGB Not Supported GLX_EXT_import_context Not Supported GLX_EXT_scene_marker Not Supported GLX_EXT_texture_from_pixmap Not Supported GLX_EXT_visual_info Not Supported GLX_EXT_visual_rating Not Supported GLX_MESA_agp_offset Not Supported GLX_MESA_copy_sub_buffer Not Supported GLX_MESA_pixmap_colormap Not Supported GLX_MESA_release_buffers Not Supported GLX_MESA_set_3dfx_mode Not Supported GLX_NV_present_video Not Supported GLX_NV_swap_group Not Supported GLX_NV_video_output Not Supported GLX_OML_interlace Not Supported GLX_OML_swap_method Not Supported GLX_OML_sync_control Not Supported GLX_SGI_cushion Not Supported GLX_SGI_make_current_read Not Supported GLX_SGI_swap_control Not Supported GLX_SGI_video_sync Not Supported GLX_SGIS_blended_overlay Not Supported GLX_SGIS_color_range Not Supported GLX_SGIS_multisample Not Supported GLX_SGIX_dm_buffer Not Supported GLX_SGIX_fbconfig Not Supported GLX_SGIX_hyperpipe Not Supported GLX_SGIX_pbuffer Not Supported GLX_SGIX_swap_barrier Not Supported GLX_SGIX_swap_group Not Supported GLX_SGIX_video_resize Not Supported GLX_SGIX_video_source Not Supported GLX_SGIX_visual_select_group Not Supported GLX_SUN_get_transparent_index Not Supported GLX_SUN_video_resize Not Supported WGL_3DFX_gamma_control Not Supported WGL_3DFX_multisample Not Supported WGL_3DL_stereo_control Not Supported WGL_AMD_gpu_association Not Supported WGL_AMDX_gpu_association Not Supported WGL_ARB_buffer_region Supported WGL_ARB_create_context Supported WGL_ARB_create_context_profile Not Supported WGL_ARB_create_context_robustness Not Supported WGL_ARB_extensions_string Supported WGL_ARB_framebuffer_sRGB Supported WGL_ARB_make_current_read Supported WGL_ARB_multisample Supported WGL_ARB_pbuffer Supported WGL_ARB_pixel_format Supported WGL_ARB_pixel_format_float Supported WGL_ARB_render_texture Not Supported WGL_ATI_pbuffer_memory_hint Not Supported WGL_ATI_pixel_format_float Not Supported WGL_ATI_render_texture_rectangle Not Supported WGL_EXT_buffer_region Not Supported WGL_EXT_create_context_es_profile Not Supported WGL_EXT_create_context_es2_profile Not Supported WGL_EXT_depth_float Supported WGL_EXT_display_color_table Not Supported WGL_EXT_extensions_string Supported WGL_EXT_framebuffer_sRGB Not Supported WGL_EXT_framebuffer_sRGBWGL_ARB_create_context Not Supported WGL_EXT_gamma_control Not Supported WGL_EXT_make_current_read Not Supported WGL_EXT_multisample Not Supported WGL_EXT_pbuffer Not Supported WGL_EXT_pixel_format Not Supported WGL_EXT_pixel_format_packed_float Supported WGL_EXT_render_texture Not Supported WGL_EXT_swap_control Supported WGL_EXT_swap_control_tear Not Supported WGL_EXT_swap_interval Not Supported WGL_I3D_digital_video_control Not Supported WGL_I3D_gamma Not Supported WGL_I3D_genlock Not Supported WGL_I3D_image_buffer Not Supported WGL_I3D_swap_frame_lock Not Supported WGL_I3D_swap_frame_usage Not Supported WGL_MTX_video_preview Not Supported WGL_NV_copy_image Not Supported WGL_NV_DX_interop Not Supported WGL_NV_DX_interop2 Not Supported WGL_NV_float_buffer Not Supported WGL_NV_gpu_affinity Not Supported WGL_NV_multisample_coverage Not Supported WGL_NV_present_video Not Supported WGL_NV_render_depth_texture Not Supported WGL_NV_render_texture_rectangle Not Supported WGL_NV_swap_group Not Supported WGL_NV_vertex_array_range Not Supported WGL_NV_video_output Not Supported WGL_NVX_DX_interop Not Supported WGL_OML_sync_control Not Supported WGL_S3_cl_sharingWGL_ARB_create_context_profile Not Supported Supported Compressed Texture Formats: RGB DXT1 Supported RGBA DXT1 Supported RGBA DXT3 Supported RGBA DXT5 Supported RGB FXT1 Supported RGBA FXT1 Supported 3Dc Not Supported Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ GPGPU ]------------------------------------------------------------------------------------------------------- [ CUDA: GeForce 610M ] Device Properties: Device Name GeForce 610M Clock Rate 1344 MHz Asynchronous Engines 1 Multiprocessors / Cores 1 / 48 L2 Cache 128 KB Max Threads Per Multiprocessor 1536 Max Threads Per Block 1024 Max Registers Per Block 32768 Warp Size 32 threads Max Block Size 1024 x 1024 x 64 Max Grid Size 65535 x 65535 x 65535 Max 1D Texture Width 65536 Max 2D Texture Size 65536 x 65535 Max 3D Texture Size 2048 x 2048 x 2048 Max Texture Array Size 16384 x 16384 Max Texture Array Slices 2048 Compute Mode Default: Multiple contexts allowed per device Compute Capability 2.1 CUDA DLL nvcuda.dll (8.17.12.8590 - nVIDIA ForceWare 285.90) Memory Properties: Memory Clock 800 MHz Global Memory Bus Width 64-bit Total Memory 1024 MB Total Constant Memory 64 KB Max Shared Memory Per Block 48 KB Max Memory Pitch 2147483647 bytes Texture Alignment 512 bytes Surface Alignment 512 bytes Device Features: 32-bit Floating-Point Atomic Addition Supported 32-bit Integer Atomic Operations Supported 64-bit Integer Atomic Operations Supported Concurrent Kernel Execution Supported Concurrent Memory Copy & Execute Supported Double-Precision Floating-Point Supported ECC Disabled Host Memory Mapping Supported Integrated Device No Surface Functions Supported TCC Driver No Unified Addressing No Warp Vote Functions Supported __ballot() Supported __syncthreads_and() Supported __syncthreads_count() Supported __syncthreads_or() Supported __threadfence_system() Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Direct3D: Intel(R) HD Graphics Family ] Device Properties: Device Name Intel(R) HD Graphics Family Driver Name igdumdx32.dll Driver Version 8.15.10.2345 Shader Model SM 4.1 Max Threads 768 Multiple UAV Access Not Supported Thread Dispatch 2D Thread Local Storage 16 KB Device Features: Append/Consume Buffers Not Supported Atomic Operations Not Supported Double-Precision Floating-Point Not Supported Gather4 Supported Indirect Compute Dispatch Not Supported Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ OpenCL: GeForce 610M ] OpenCL Properties: Platform Name NVIDIA CUDA Platform Vendor NVIDIA Corporation Platform Version OpenCL 1.1 CUDA 4.1.1 Platform Profile Full Device Properties: Device Name GeForce 610M Device Type GPU Device Vendor NVIDIA Corporation Device Version OpenCL 1.1 CUDA Device Profile Full OpenCL C Version OpenCL C 1.1 Clock Rate 1344 MHz Multiprocessors 1 Max 2D Image Size 32768 x 32768 Max 3D Image Size 2048 x 2048 x 2048 Max Samplers 16 Max Work-Item Size 1024 x 1024 x 64 Max Work-Group Size 1024 Max Argument Size 4352 bytes Max Constant Buffer Size 64 KB Max Constant Arguments 9 Profiling Timer Resolution 1000 ns OpenCL DLL opencl.dll (1.0.0) Memory Properties: Global Memory 1024 MB Global Memory Cache 16 KB (Read/Write, 128-byte line) Local Memory 48 KB Memory Base Address Alignment 4096-bit Min Data Type Alignment 128 bytes Device Features: Command-Queue Out Of Order Execution Enabled Command-Queue Profiling Enabled Compiler Available Yes Error Correction Not Supported Images Supported Kernel Execution Supported Linker Available No Native Kernel Execution Not Supported Unified Memory No Double-Precision Floating-Point Features: Correctly Rounded Divide and Sqrt Not Supported Denorms Supported IEEE754-2008 FMA Supported INF and NaNs Supported Rounding to Infinity Supported Rounding to Nearest Even Supported Rounding to Zero Supported Software Basic Floating-Point Operations No Device Extensions: Total / Supported Extensions 43 / 15 cl_amd_d3d10_interop Not Supported cl_amd_d3d9_interop Not Supported cl_amd_device_attribute_query Not Supported cl_amd_device_memory_flags Not Supported cl_amd_fp64 Not Supported cl_amd_media_ops Not Supported cl_amd_offline_devices Not Supported cl_amd_popcnt Not Supported cl_amd_printf Not Supported cl_amd_vec3 Not Supported cl_apple_contextloggingfunctions Not Supported cl_apple_gl_sharing Not Supported cl_apple_setmemobjectdestructor Not Supported cl_ext_atomic_counters_32 Not Supported cl_ext_atomic_counters_64 Not Supported cl_ext_device_fission Not Supported cl_ext_migrate_memobject Not Supported cl_intel_dx9_media_sharing Not Supported cl_intel_exec_by_local_thread Not Supported cl_intel_printf Not Supported cl_khr_3d_image_writes Not Supported cl_khr_byte_addressable_store Supported cl_khr_d3d10_sharing Supported cl_khr_d3d11_sharing Not Supported cl_khr_dx9_media_sharing Not Supported cl_khr_fp16 Not Supported cl_khr_fp64 Supported cl_khr_gl_event Not Supported cl_khr_gl_sharing Supported cl_khr_global_int32_base_atomics Supported cl_khr_global_int32_extended_atomics Supported cl_khr_icd Supported cl_khr_int64_base_atomics Not Supported cl_khr_int64_extended_atomics Not Supported cl_khr_local_int32_base_atomics Supported cl_khr_local_int32_extended_atomics Supported cl_khr_select_fprounding_mode Not Supported cl_nv_compiler_options Supported cl_nv_d3d10_sharing Supported cl_nv_d3d11_sharing Supported cl_nv_d3d9_sharing Supported cl_nv_device_attribute_query Supported cl_nv_pragma_unroll Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ Fonts ]------------------------------------------------------------------------------------------------------- @Arial Unicode MS Swiss Regular Arabic 14 x 43 40 % @Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % @Arial Unicode MS Swiss Regular Central European 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_BIG5 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % @Arial Unicode MS Swiss Regular Cyrillic 14 x 43 40 % @Arial Unicode MS Swiss Regular Greek 14 x 43 40 % @Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % @Arial Unicode MS Swiss Regular Hangul 14 x 43 40 % @Arial Unicode MS Swiss Regular Hebrew 14 x 43 40 % @Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % @Arial Unicode MS Swiss Regular Thai 14 x 43 40 % @Arial Unicode MS Swiss Regular Turkish 14 x 43 40 % @Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % @Arial Unicode MS Swiss Regular Western 14 x 43 40 % @Batang Roman Regular Baltic 16 x 32 40 % @Batang Roman Regular Central European 16 x 32 40 % @Batang Roman Regular Cyrillic 16 x 32 40 % @Batang Roman Regular Greek 16 x 32 40 % @Batang Roman Regular Hangul 16 x 32 40 % @Batang Roman Regular Turkish 16 x 32 40 % @Batang Roman Regular Western 16 x 32 40 % @BatangChe Modern Regular Baltic 16 x 32 40 % @BatangChe Modern Regular Central European 16 x 32 40 % @BatangChe Modern Regular Cyrillic 16 x 32 40 % @BatangChe Modern Regular Greek 16 x 32 40 % @BatangChe Modern Regular Hangul 16 x 32 40 % @BatangChe Modern Regular Turkish 16 x 32 40 % @BatangChe Modern Regular Western 16 x 32 40 % @chs_boot Swiss Regular CHINESE_BIG5 26 x 32 40 % @chs_boot Swiss Regular CHINESE_GB2312 26 x 32 40 % @chs_boot Swiss Regular Western 26 x 32 40 % @cht_boot Swiss Regular CHINESE_BIG5 26 x 32 40 % @cht_boot Swiss Regular Western 26 x 32 40 % @DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 % @DFKai-SB Script Regular Western 16 x 32 40 % @Dotum Swiss Regular Baltic 16 x 32 40 % @Dotum Swiss Regular Central European 16 x 32 40 % @Dotum Swiss Regular Cyrillic 16 x 32 40 % @Dotum Swiss Regular Greek 16 x 32 40 % @Dotum Swiss Regular Hangul 16 x 32 40 % @Dotum Swiss Regular Turkish 16 x 32 40 % @Dotum Swiss Regular Western 16 x 32 40 % @DotumChe Modern Regular Baltic 16 x 32 40 % @DotumChe Modern Regular Central European 16 x 32 40 % @DotumChe Modern Regular Cyrillic 16 x 32 40 % @DotumChe Modern Regular Greek 16 x 32 40 % @DotumChe Modern Regular Hangul 16 x 32 40 % @DotumChe Modern Regular Turkish 16 x 32 40 % @DotumChe Modern Regular Western 16 x 32 40 % @FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % @FangSong Modern Regular Western 16 x 32 40 % @Gulim Swiss Regular Baltic 16 x 32 40 % @Gulim Swiss Regular Central European 16 x 32 40 % @Gulim Swiss Regular Cyrillic 16 x 32 40 % @Gulim Swiss Regular Greek 16 x 32 40 % @Gulim Swiss Regular Hangul 16 x 32 40 % @Gulim Swiss Regular Turkish 16 x 32 40 % @Gulim Swiss Regular Western 16 x 32 40 % @GulimChe Modern Regular Baltic 16 x 32 40 % @GulimChe Modern Regular Central European 16 x 32 40 % @GulimChe Modern Regular Cyrillic 16 x 32 40 % @GulimChe Modern Regular Greek 16 x 32 40 % @GulimChe Modern Regular Hangul 16 x 32 40 % @GulimChe Modern Regular Turkish 16 x 32 40 % @GulimChe Modern Regular Western 16 x 32 40 % @Gungsuh Roman Regular Baltic 16 x 32 40 % @Gungsuh Roman Regular Central European 16 x 32 40 % @Gungsuh Roman Regular Cyrillic 16 x 32 40 % @Gungsuh Roman Regular Greek 16 x 32 40 % @Gungsuh Roman Regular Hangul 16 x 32 40 % @Gungsuh Roman Regular Turkish 16 x 32 40 % @Gungsuh Roman Regular Western 16 x 32 40 % @GungsuhChe Modern Regular Baltic 16 x 32 40 % @GungsuhChe Modern Regular Central European 16 x 32 40 % @GungsuhChe Modern Regular Cyrillic 16 x 32 40 % @GungsuhChe Modern Regular Greek 16 x 32 40 % @GungsuhChe Modern Regular Hangul 16 x 32 40 % @GungsuhChe Modern Regular Turkish 16 x 32 40 % @GungsuhChe Modern Regular Western 16 x 32 40 % @jpn_boot Swiss Regular Baltic 26 x 32 40 % @jpn_boot Swiss Regular Central European 26 x 32 40 % @jpn_boot Swiss Regular Cyrillic 26 x 32 40 % @jpn_boot Swiss Regular Greek 26 x 32 40 % @jpn_boot Swiss Regular Japanese 26 x 32 40 % @jpn_boot Swiss Regular Turkish 26 x 32 40 % @jpn_boot Swiss Regular Western 26 x 32 40 % @KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % @KaiTi Modern Regular Western 16 x 32 40 % @kor_boot Swiss Regular Baltic 26 x 32 40 % @kor_boot Swiss Regular Central European 26 x 32 40 % @kor_boot Swiss Regular Cyrillic 26 x 32 40 % @kor_boot Swiss Regular Greek 26 x 32 40 % @kor_boot Swiss Regular Hangul 26 x 32 40 % @kor_boot Swiss Regular Turkish 26 x 32 40 % @kor_boot Swiss Regular Western 26 x 32 40 % @Malgun Gothic Swiss Regular Hangul 15 x 43 40 % @Malgun Gothic Swiss Regular Western 15 x 43 40 % @Meiryo UI Swiss Regular Baltic 17 x 41 40 % @Meiryo UI Swiss Regular Central European 17 x 41 40 % @Meiryo UI Swiss Regular Cyrillic 17 x 41 40 % @Meiryo UI Swiss Regular Greek 17 x 41 40 % @Meiryo UI Swiss Regular Japanese 17 x 41 40 % @Meiryo UI Swiss Regular Turkish 17 x 41 40 % @Meiryo UI Swiss Regular Western 17 x 41 40 % @Meiryo Swiss Regular Baltic 31 x 48 40 % @Meiryo Swiss Regular Central European 31 x 48 40 % @Meiryo Swiss Regular Cyrillic 31 x 48 40 % @Meiryo Swiss Regular Greek 31 x 48 40 % @Meiryo Swiss Regular Japanese 31 x 48 40 % @Meiryo Swiss Regular Turkish 31 x 48 40 % @Meiryo Swiss Regular Western 31 x 48 40 % @Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % @Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % @Microsoft JhengHei Swiss Regular Western 15 x 43 40 % @Microsoft YaHei Swiss Regular Central European 15 x 42 40 % @Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % @Microsoft YaHei Swiss Regular Cyrillic 15 x 42 40 % @Microsoft YaHei Swiss Regular Greek 15 x 42 40 % @Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % @Microsoft YaHei Swiss Regular Western 15 x 42 40 % @MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU_HKSCS Roman Regular Western 16 x 32 40 % @MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % @MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 % @MingLiU Modern Regular Western 16 x 32 40 % @MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU-ExtB Roman Regular Western 16 x 32 40 % @MS Gothic Modern Regular Baltic 16 x 32 40 % @MS Gothic Modern Regular Central European 16 x 32 40 % @MS Gothic Modern Regular Cyrillic 16 x 32 40 % @MS Gothic Modern Regular Greek 16 x 32 40 % @MS Gothic Modern Regular Japanese 16 x 32 40 % @MS Gothic Modern Regular Turkish 16 x 32 40 % @MS Gothic Modern Regular Western 16 x 32 40 % @MS Mincho Modern Regular Baltic 16 x 32 40 % @MS Mincho Modern Regular Central European 16 x 32 40 % @MS Mincho Modern Regular Cyrillic 16 x 32 40 % @MS Mincho Modern Regular Greek 16 x 32 40 % @MS Mincho Modern Regular Japanese 16 x 32 40 % @MS Mincho Modern Regular Turkish 16 x 32 40 % @MS Mincho Modern Regular Western 16 x 32 40 % @MS PGothic Swiss Regular Baltic 13 x 32 40 % @MS PGothic Swiss Regular Central European 13 x 32 40 % @MS PGothic Swiss Regular Cyrillic 13 x 32 40 % @MS PGothic Swiss Regular Greek 13 x 32 40 % @MS PGothic Swiss Regular Japanese 13 x 32 40 % @MS PGothic Swiss Regular Turkish 13 x 32 40 % @MS PGothic Swiss Regular Western 13 x 32 40 % @MS PMincho Roman Regular Baltic 13 x 32 40 % @MS PMincho Roman Regular Central European 13 x 32 40 % @MS PMincho Roman Regular Cyrillic 13 x 32 40 % @MS PMincho Roman Regular Greek 13 x 32 40 % @MS PMincho Roman Regular Japanese 13 x 32 40 % @MS PMincho Roman Regular Turkish 13 x 32 40 % @MS PMincho Roman Regular Western 13 x 32 40 % @MS UI Gothic Swiss Regular Baltic 13 x 32 40 % @MS UI Gothic Swiss Regular Central European 13 x 32 40 % @MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 % @MS UI Gothic Swiss Regular Greek 13 x 32 40 % @MS UI Gothic Swiss Regular Japanese 13 x 32 40 % @MS UI Gothic Swiss Regular Turkish 13 x 32 40 % @MS UI Gothic Swiss Regular Western 13 x 32 40 % @NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % @NSimSun Modern Regular Western 16 x 32 40 % @PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 % @PMingLiU Roman Regular Western 16 x 32 40 % @PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @PMingLiU-ExtB Roman Regular Western 16 x 32 40 % @SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % @SimHei Modern Regular Western 16 x 32 40 % @SimSun Special Regular CHINESE_GB2312 16 x 32 40 % @SimSun Special Regular Western 16 x 32 40 % @SimSun-ExtB Modern Regular CHINESE_GB2312 16 x 32 40 % @SimSun-ExtB Modern Regular Western 16 x 32 40 % Agency FB Swiss Bold Western 11 x 37 70 % Aharoni Special Bold Hebrew 15 x 32 70 % Algerian Decorative Regular Western 17 x 36 40 % Andalus Roman Regular Arabic 15 x 49 40 % Andalus Roman Regular Western 15 x 49 40 % Angsana New Roman Regular Thai 8 x 43 40 % Angsana New Roman Regular Western 8 x 43 40 % AngsanaUPC Roman Regular Thai 8 x 43 40 % AngsanaUPC Roman Regular Western 8 x 43 40 % Aparajita Swiss Regular Western 16 x 38 40 % Arabic Typesetting Script Regular Arabic 9 x 36 40 % Arabic Typesetting Script Regular Baltic 9 x 36 40 % Arabic Typesetting Script Regular Central European 9 x 36 40 % Arabic Typesetting Script Regular Turkish 9 x 36 40 % Arabic Typesetting Script Regular Western 9 x 36 40 % Arial Black Swiss Regular Baltic 18 x 45 90 % Arial Black Swiss Regular Central European 18 x 45 90 % Arial Black Swiss Regular Cyrillic 18 x 45 90 % Arial Black Swiss Regular Greek 18 x 45 90 % Arial Black Swiss Regular Turkish 18 x 45 90 % Arial Black Swiss Regular Western 18 x 45 90 % Arial Narrow Swiss Regular Baltic 12 x 36 40 % Arial Narrow Swiss Regular Central European 12 x 36 40 % Arial Narrow Swiss Regular Cyrillic 12 x 36 40 % Arial Narrow Swiss Regular Greek 12 x 36 40 % Arial Narrow Swiss Regular Turkish 12 x 36 40 % Arial Narrow Swiss Regular Western 12 x 36 40 % Arial Rounded MT Bold Swiss Regular Western 15 x 37 40 % Arial Unicode MS Swiss Regular Arabic 14 x 43 40 % Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % Arial Unicode MS Swiss Regular Central European 14 x 43 40 % Arial Unicode MS Swiss Regular CHINESE_BIG5 14 x 43 40 % Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % Arial Unicode MS Swiss Regular Cyrillic 14 x 43 40 % Arial Unicode MS Swiss Regular Greek 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul 14 x 43 40 % Arial Unicode MS Swiss Regular Hebrew 14 x 43 40 % Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % Arial Unicode MS Swiss Regular Thai 14 x 43 40 % Arial Unicode MS Swiss Regular Turkish 14 x 43 40 % Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % Arial Unicode MS Swiss Regular Western 14 x 43 40 % Arial Swiss Regular Arabic 14 x 36 40 % Arial Swiss Regular Baltic 14 x 36 40 % Arial Swiss Regular Central European 14 x 36 40 % Arial Swiss Regular Cyrillic 14 x 36 40 % Arial Swiss Regular Greek 14 x 36 40 % Arial Swiss Regular Hebrew 14 x 36 40 % Arial Swiss Regular Turkish 14 x 36 40 % Arial Swiss Regular Vietnamese 14 x 36 40 % Arial Swiss Regular Western 14 x 36 40 % Baskerville Old Face Roman Regular Western 13 x 37 40 % Batang Roman Regular Baltic 16 x 32 40 % Batang Roman Regular Central European 16 x 32 40 % Batang Roman Regular Cyrillic 16 x 32 40 % Batang Roman Regular Greek 16 x 32 40 % Batang Roman Regular Hangul 16 x 32 40 % Batang Roman Regular Turkish 16 x 32 40 % Batang Roman Regular Western 16 x 32 40 % BatangChe Modern Regular Baltic 16 x 32 40 % BatangChe Modern Regular Central European 16 x 32 40 % BatangChe Modern Regular Cyrillic 16 x 32 40 % BatangChe Modern Regular Greek 16 x 32 40 % BatangChe Modern Regular Hangul 16 x 32 40 % BatangChe Modern Regular Turkish 16 x 32 40 % BatangChe Modern Regular Western 16 x 32 40 % Bauhaus 93 Decorative Regular Western 14 x 36 40 % Bell MT Roman Regular Western 13 x 35 40 % Berlin Sans FB Demi Swiss Bold Western 14 x 36 70 % Berlin Sans FB Swiss Bold Western 15 x 36 70 % Bernard MT Condensed Roman Regular Western 12 x 38 40 % Blackadder ITC Decorative Regular Western 10 x 41 40 % Bodoni MT Black Roman Italic Western 17 x 37 90 % Bodoni MT Condensed Roman Bold Western 11 x 38 70 % Bodoni MT Poster Compressed Roman Regular Turkish 8 x 37 30 % Bodoni MT Poster Compressed Roman Regular Western 8 x 37 30 % Bodoni MT Roman Bold Western 13 x 38 70 % Book Antiqua Roman Bold Baltic 15 x 38 70 % Book Antiqua Roman Bold Central European 15 x 38 70 % Book Antiqua Roman Bold Cyrillic 15 x 38 70 % Book Antiqua Roman Bold Greek 15 x 38 70 % Book Antiqua Roman Bold Turkish 15 x 38 70 % Book Antiqua Roman Bold Western 15 x 38 70 % Bookman Old Style Roman Regular Baltic 16 x 36 30 % Bookman Old Style Roman Regular Central European 16 x 36 30 % Bookman Old Style Roman Regular Cyrillic 16 x 36 30 % Bookman Old Style Roman Regular Greek 16 x 36 30 % Bookman Old Style Roman Regular Turkish 16 x 36 30 % Bookman Old Style Roman Regular Western 16 x 36 30 % Bookshelf Symbol 7 Special Regular Symbol 21 x 32 40 % Bradley Hand ITC Script Regular Western 13 x 40 40 % Britannic Bold Swiss Regular Western 14 x 35 40 % Broadway Decorative Regular Western 17 x 36 40 % Browallia New Swiss Regular Thai 9 x 40 40 % Browallia New Swiss Regular Western 9 x 40 40 % BrowalliaUPC Swiss Regular Thai 9 x 40 40 % BrowalliaUPC Swiss Regular Western 9 x 40 40 % Brush Script MT Script Italic Western 10 x 39 40 % Calibri Swiss Regular Baltic 17 x 39 40 % Calibri Swiss Regular Central European 17 x 39 40 % Calibri Swiss Regular Cyrillic 17 x 39 40 % Calibri Swiss Regular Greek 17 x 39 40 % Calibri Swiss Regular Turkish 17 x 39 40 % Calibri Swiss Regular Vietnamese 17 x 39 40 % Calibri Swiss Regular Western 17 x 39 40 % Californian FB Roman Bold Western 14 x 37 70 % Calisto MT Roman Regular Western 13 x 37 40 % Cambria Math Roman Regular Baltic 20 x 179 40 % Cambria Math Roman Regular Central European 20 x 179 40 % Cambria Math Roman Regular Cyrillic 20 x 179 40 % Cambria Math Roman Regular Greek 20 x 179 40 % Cambria Math Roman Regular Turkish 20 x 179 40 % Cambria Math Roman Regular Vietnamese 20 x 179 40 % Cambria Math Roman Regular Western 20 x 179 40 % Cambria Roman Regular Baltic 20 x 38 40 % Cambria Roman Regular Central European 20 x 38 40 % Cambria Roman Regular Cyrillic 20 x 38 40 % Cambria Roman Regular Greek 20 x 38 40 % Cambria Roman Regular Turkish 20 x 38 40 % Cambria Roman Regular Vietnamese 20 x 38 40 % Cambria Roman Regular Western 20 x 38 40 % Candara Swiss Regular Baltic 17 x 39 40 % Candara Swiss Regular Central European 17 x 39 40 % Candara Swiss Regular Cyrillic 17 x 39 40 % Candara Swiss Regular Greek 17 x 39 40 % Candara Swiss Regular Turkish 17 x 39 40 % Candara Swiss Regular Vietnamese 17 x 39 40 % Candara Swiss Regular Western 17 x 39 40 % Castellar Roman Regular Western 21 x 39 40 % Centaur Roman Regular Western 12 x 36 40 % Century Gothic Swiss Regular Baltic 16 x 38 40 % Century Gothic Swiss Regular Central European 16 x 38 40 % Century Gothic Swiss Regular Cyrillic 16 x 38 40 % Century Gothic Swiss Regular Greek 16 x 38 40 % Century Gothic Swiss Regular Turkish 16 x 38 40 % Century Gothic Swiss Regular Western 16 x 38 40 % Century Schoolbook Roman Regular Baltic 15 x 38 40 % Century Schoolbook Roman Regular Central European 15 x 38 40 % Century Schoolbook Roman Regular Cyrillic 15 x 38 40 % Century Schoolbook Roman Regular Greek 15 x 38 40 % Century Schoolbook Roman Regular Turkish 15 x 38 40 % Century Schoolbook Roman Regular Western 15 x 38 40 % Century Roman Regular Baltic 15 x 38 40 % Century Roman Regular Central European 15 x 38 40 % Century Roman Regular Cyrillic 15 x 38 40 % Century Roman Regular Greek 15 x 38 40 % Century Roman Regular Turkish 15 x 38 40 % Century Roman Regular Western 15 x 38 40 % Chiller Decorative Regular Western 9 x 37 40 % chs_boot Swiss Regular CHINESE_BIG5 26 x 32 40 % chs_boot Swiss Regular CHINESE_GB2312 26 x 32 40 % chs_boot Swiss Regular Western 26 x 32 40 % cht_boot Swiss Regular CHINESE_BIG5 26 x 32 40 % cht_boot Swiss Regular Western 26 x 32 40 % Colonna MT Decorative Regular Western 13 x 34 40 % Comic Sans MS Script Regular Baltic 15 x 45 40 % Comic Sans MS Script Regular Central European 15 x 45 40 % Comic Sans MS Script Regular Cyrillic 15 x 45 40 % Comic Sans MS Script Regular Greek 15 x 45 40 % Comic Sans MS Script Regular Turkish 15 x 45 40 % Comic Sans MS Script Regular Western 15 x 45 40 % Consolas Modern Regular Baltic 18 x 37 40 % Consolas Modern Regular Central European 18 x 37 40 % Consolas Modern Regular Cyrillic 18 x 37 40 % Consolas Modern Regular Greek 18 x 37 40 % Consolas Modern Regular Turkish 18 x 37 40 % Consolas Modern Regular Vietnamese 18 x 37 40 % Consolas Modern Regular Western 18 x 37 40 % Constantia Roman Regular Baltic 17 x 39 40 % Constantia Roman Regular Central European 17 x 39 40 % Constantia Roman Regular Cyrillic 17 x 39 40 % Constantia Roman Regular Greek 17 x 39 40 % Constantia Roman Regular Turkish 17 x 39 40 % Constantia Roman Regular Vietnamese 17 x 39 40 % Constantia Roman Regular Western 17 x 39 40 % Cooper Black Roman Regular Western 16 x 37 40 % Copperplate Gothic Bold Swiss Regular Western 19 x 36 40 % Copperplate Gothic Light Swiss Regular Western 18 x 35 40 % Corbel Swiss Regular Baltic 17 x 39 40 % Corbel Swiss Regular Central European 17 x 39 40 % Corbel Swiss Regular Cyrillic 17 x 39 40 % Corbel Swiss Regular Greek 17 x 39 40 % Corbel Swiss Regular Turkish 17 x 39 40 % Corbel Swiss Regular Vietnamese 17 x 39 40 % Corbel Swiss Regular Western 17 x 39 40 % Cordia New Swiss Regular Thai 9 x 44 40 % Cordia New Swiss Regular Western 9 x 44 40 % CordiaUPC Swiss Regular Thai 9 x 44 40 % CordiaUPC Swiss Regular Western 9 x 44 40 % Courier New Modern Regular Arabic 19 x 36 40 % Courier New Modern Regular Baltic 19 x 36 40 % Courier New Modern Regular Central European 19 x 36 40 % Courier New Modern Regular Cyrillic 19 x 36 40 % Courier New Modern Regular Greek 19 x 36 40 % Courier New Modern Regular Hebrew 19 x 36 40 % Courier New Modern Regular Turkish 19 x 36 40 % Courier New Modern Regular Vietnamese 19 x 36 40 % Courier New Modern Regular Western 19 x 36 40 % Courier Modern Western 8 x 13 40 % Curlz MT Decorative Regular Western 12 x 42 40 % DaunPenh Special Regular Western 12 x 43 40 % David Swiss Regular Hebrew 13 x 31 40 % DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 % DFKai-SB Script Regular Western 16 x 32 40 % DilleniaUPC Roman Regular Thai 9 x 42 40 % DilleniaUPC Roman Regular Western 9 x 42 40 % DokChampa Swiss Regular Thai 19 x 62 40 % DokChampa Swiss Regular Western 19 x 62 40 % Dotum Swiss Regular Baltic 16 x 32 40 % Dotum Swiss Regular Central European 16 x 32 40 % Dotum Swiss Regular Cyrillic 16 x 32 40 % Dotum Swiss Regular Greek 16 x 32 40 % Dotum Swiss Regular Hangul 16 x 32 40 % Dotum Swiss Regular Turkish 16 x 32 40 % Dotum Swiss Regular Western 16 x 32 40 % DotumChe Modern Regular Baltic 16 x 32 40 % DotumChe Modern Regular Central European 16 x 32 40 % DotumChe Modern Regular Cyrillic 16 x 32 40 % DotumChe Modern Regular Greek 16 x 32 40 % DotumChe Modern Regular Hangul 16 x 32 40 % DotumChe Modern Regular Turkish 16 x 32 40 % DotumChe Modern Regular Western 16 x 32 40 % Ebrima Special Regular Baltic 19 x 43 40 % Ebrima Special Regular Central European 19 x 43 40 % Ebrima Special Regular Turkish 19 x 43 40 % Ebrima Special Regular Western 19 x 43 40 % Edwardian Script ITC Script Regular Western 8 x 38 40 % Elephant Roman Regular Western 16 x 41 40 % Engravers MT Roman Regular Western 25 x 37 50 % Eras Bold ITC Swiss Regular Western 16 x 37 40 % Eras Demi ITC Swiss Regular Western 15 x 36 40 % Eras Light ITC Swiss Regular Western 13 x 36 40 % Eras Medium ITC Swiss Regular Western 14 x 36 40 % Estrangelo Edessa Script Regular Western 16 x 36 40 % EucrosiaUPC Roman Regular Thai 9 x 39 40 % EucrosiaUPC Roman Regular Western 9 x 39 40 % Euphemia Swiss Regular Western 22 x 42 40 % FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % FangSong Modern Regular Western 16 x 32 40 % Felix Titling Decorative Regular Western 19 x 37 40 % Fixedsys Modern Western 8 x 15 40 % Footlight MT Light Roman Regular Western 13 x 34 30 % Forte Script Regular Western 14 x 35 40 % Franklin Gothic Book Swiss Regular Baltic 13 x 36 40 % Franklin Gothic Book Swiss Regular Central European 13 x 36 40 % Franklin Gothic Book Swiss Regular Cyrillic 13 x 36 40 % Franklin Gothic Book Swiss Regular Greek 13 x 36 40 % Franklin Gothic Book Swiss Regular Turkish 13 x 36 40 % Franklin Gothic Book Swiss Regular Western 13 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Baltic 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Central European 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Greek 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Turkish 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Demi Swiss Regular Baltic 14 x 36 40 % Franklin Gothic Demi Swiss Regular Central European 14 x 36 40 % Franklin Gothic Demi Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Demi Swiss Regular Greek 14 x 36 40 % Franklin Gothic Demi Swiss Regular Turkish 14 x 36 40 % Franklin Gothic Demi Swiss Regular Western 14 x 36 40 % Franklin Gothic Heavy Swiss Regular Baltic 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Central European 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Cyrillic 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Greek 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Turkish 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Western 15 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Baltic 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Central European 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Greek 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Turkish 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Medium Swiss Regular Baltic 14 x 36 40 % Franklin Gothic Medium Swiss Regular Central European 14 x 36 40 % Franklin Gothic Medium Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Medium Swiss Regular Greek 14 x 36 40 % Franklin Gothic Medium Swiss Regular Turkish 14 x 36 40 % Franklin Gothic Medium Swiss Regular Western 14 x 36 40 % FrankRuehl Swiss Regular Hebrew 13 x 30 40 % FreesiaUPC Swiss Regular Thai 9 x 38 40 % FreesiaUPC Swiss Regular Western 9 x 38 40 % Freestyle Script Script Regular Western 8 x 38 40 % French Script MT Script Regular Western 9 x 36 40 % Gabriola Decorative Regular Baltic 16 x 59 40 % Gabriola Decorative Regular Central European 16 x 59 40 % Gabriola Decorative Regular Cyrillic 16 x 59 40 % Gabriola Decorative Regular Greek 16 x 59 40 % Gabriola Decorative Regular Turkish 16 x 59 40 % Gabriola Decorative Regular Western 16 x 59 40 % Garamond Roman Regular Baltic 12 x 36 40 % Garamond Roman Regular Central European 12 x 36 40 % Garamond Roman Regular Cyrillic 12 x 36 40 % Garamond Roman Regular Greek 12 x 36 40 % Garamond Roman Regular Turkish 12 x 36 40 % Garamond Roman Regular Western 12 x 36 40 % Gautami Swiss Regular Western 18 x 56 40 % Georgia Roman Regular Baltic 14 x 36 40 % Georgia Roman Regular Central European 14 x 36 40 % Georgia Roman Regular Cyrillic 14 x 36 40 % Georgia Roman Regular Greek 14 x 36 40 % Georgia Roman Regular Turkish 14 x 36 40 % Georgia Roman Regular Western 14 x 36 40 % Gigi Decorative Regular Western 13 x 44 40 % Gill Sans MT Condensed Swiss Regular Central European 10 x 39 40 % Gill Sans MT Condensed Swiss Regular Western 10 x 39 40 % Gill Sans MT Ext Condensed Bold Swiss Regular Central European 7 x 38 40 % Gill Sans MT Ext Condensed Bold Swiss Regular Western 7 x 38 40 % Gill Sans MT Swiss Bold Italic Central European 14 x 37 70 % Gill Sans MT Swiss Bold Italic Western 14 x 37 70 % Gill Sans Ultra Bold Condensed Swiss Regular Central European 14 x 40 40 % Gill Sans Ultra Bold Condensed Swiss Regular Western 14 x 40 40 % Gill Sans Ultra Bold Swiss Regular Central European 20 x 40 40 % Gill Sans Ultra Bold Swiss Regular Western 20 x 40 40 % Gisha Swiss Regular Hebrew 16 x 38 40 % Gisha Swiss Regular Western 16 x 38 40 % Gloucester MT Extra Condensed Roman Regular Western 9 x 37 40 % Goudy Old Style Roman Regular Western 13 x 36 40 % Goudy Stout Roman Regular Western 36 x 44 40 % Gulim Swiss Regular Baltic 16 x 32 40 % Gulim Swiss Regular Central European 16 x 32 40 % Gulim Swiss Regular Cyrillic 16 x 32 40 % Gulim Swiss Regular Greek 16 x 32 40 % Gulim Swiss Regular Hangul 16 x 32 40 % Gulim Swiss Regular Turkish 16 x 32 40 % Gulim Swiss Regular Western 16 x 32 40 % GulimChe Modern Regular Baltic 16 x 32 40 % GulimChe Modern Regular Central European 16 x 32 40 % GulimChe Modern Regular Cyrillic 16 x 32 40 % GulimChe Modern Regular Greek 16 x 32 40 % GulimChe Modern Regular Hangul 16 x 32 40 % GulimChe Modern Regular Turkish 16 x 32 40 % GulimChe Modern Regular Western 16 x 32 40 % Gungsuh Roman Regular Baltic 16 x 32 40 % Gungsuh Roman Regular Central European 16 x 32 40 % Gungsuh Roman Regular Cyrillic 16 x 32 40 % Gungsuh Roman Regular Greek 16 x 32 40 % Gungsuh Roman Regular Hangul 16 x 32 40 % Gungsuh Roman Regular Turkish 16 x 32 40 % Gungsuh Roman Regular Western 16 x 32 40 % GungsuhChe Modern Regular Baltic 16 x 32 40 % GungsuhChe Modern Regular Central European 16 x 32 40 % GungsuhChe Modern Regular Cyrillic 16 x 32 40 % GungsuhChe Modern Regular Greek 16 x 32 40 % GungsuhChe Modern Regular Hangul 16 x 32 40 % GungsuhChe Modern Regular Turkish 16 x 32 40 % GungsuhChe Modern Regular Western 16 x 32 40 % Haettenschweiler Swiss Regular Baltic 10 x 33 40 % Haettenschweiler Swiss Regular Central European 10 x 33 40 % Haettenschweiler Swiss Regular Cyrillic 10 x 33 40 % Haettenschweiler Swiss Regular Greek 10 x 33 40 % Haettenschweiler Swiss Regular Turkish 10 x 33 40 % Haettenschweiler Swiss Regular Western 10 x 33 40 % Harlow Solid Italic Decorative Italic Western 12 x 40 40 % Harrington Decorative Regular Western 14 x 38 40 % High Tower Text Roman Regular Western 13 x 37 40 % Impact Swiss Regular Baltic 13 x 39 40 % Impact Swiss Regular Central European 13 x 39 40 % Impact Swiss Regular Cyrillic 13 x 39 40 % Impact Swiss Regular Greek 13 x 39 40 % Impact Swiss Regular Turkish 13 x 39 40 % Impact Swiss Regular Western 13 x 39 40 % Imprint MT Shadow Decorative Regular Western 13 x 38 40 % Informal Roman Script Regular Western 12 x 32 40 % IrisUPC Swiss Regular Thai 9 x 40 40 % IrisUPC Swiss Regular Western 9 x 40 40 % Iskoola Pota Swiss Regular Western 22 x 36 40 % JasmineUPC Roman Regular Thai 9 x 34 40 % JasmineUPC Roman Regular Western 9 x 34 40 % Jokerman Decorative Regular Western 16 x 48 40 % jpn_boot Swiss Regular Baltic 26 x 32 40 % jpn_boot Swiss Regular Central European 26 x 32 40 % jpn_boot Swiss Regular Cyrillic 26 x 32 40 % jpn_boot Swiss Regular Greek 26 x 32 40 % jpn_boot Swiss Regular Japanese 26 x 32 40 % jpn_boot Swiss Regular Turkish 26 x 32 40 % jpn_boot Swiss Regular Western 26 x 32 40 % Juice ITC Decorative Regular Western 9 x 36 40 % KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % KaiTi Modern Regular Western 16 x 32 40 % Kalinga Swiss Regular Western 19 x 48 40 % Kartika Roman Regular Western 27 x 46 40 % Khmer UI Swiss Regular Western 21 x 36 40 % KodchiangUPC Roman Regular Thai 9 x 31 40 % KodchiangUPC Roman Regular Western 9 x 31 40 % Kokila Swiss Regular Western 13 x 37 40 % kor_boot Swiss Regular Baltic 26 x 32 40 % kor_boot Swiss Regular Central European 26 x 32 40 % kor_boot Swiss Regular Cyrillic 26 x 32 40 % kor_boot Swiss Regular Greek 26 x 32 40 % kor_boot Swiss Regular Hangul 26 x 32 40 % kor_boot Swiss Regular Turkish 26 x 32 40 % kor_boot Swiss Regular Western 26 x 32 40 % Kristen ITC Script Regular Western 16 x 44 40 % Kunstler Script Script Regular Western 8 x 35 40 % Lao UI Swiss Regular Western 18 x 43 40 % Latha Swiss Regular Western 23 x 44 40 % Leelawadee Swiss Regular Thai 17 x 38 40 % Leelawadee Swiss Regular Western 17 x 38 40 % Levenim MT Special Regular Hebrew 16 x 42 40 % LilyUPC Swiss Regular Thai 9 x 30 40 % LilyUPC Swiss Regular Western 9 x 30 40 % Lucida Bright Roman Regular Western 16 x 36 40 % Lucida Calligraphy Script Italic Western 17 x 40 40 % Lucida Console Modern Regular Central European 19 x 32 40 % Lucida Console Modern Regular Cyrillic 19 x 32 40 % Lucida Console Modern Regular Greek 19 x 32 40 % Lucida Console Modern Regular Turkish 19 x 32 40 % Lucida Console Modern Regular Western 19 x 32 40 % Lucida Fax Roman Regular Western 16 x 37 40 % Lucida Handwriting Script Italic Western 18 x 41 40 % Lucida Sans Typewriter Modern Regular Western 19 x 36 40 % Lucida Sans Unicode Swiss Regular Baltic 16 x 49 40 % Lucida Sans Unicode Swiss Regular Central European 16 x 49 40 % Lucida Sans Unicode Swiss Regular Cyrillic 16 x 49 40 % Lucida Sans Unicode Swiss Regular Greek 16 x 49 40 % Lucida Sans Unicode Swiss Regular Hebrew 16 x 49 40 % Lucida Sans Unicode Swiss Regular Turkish 16 x 49 40 % Lucida Sans Unicode Swiss Regular Western 16 x 49 40 % Lucida Sans Swiss Regular Western 16 x 36 40 % Magneto Decorative Bold Western 18 x 39 70 % Maiandra GD Swiss Regular Western 14 x 38 40 % Malgun Gothic Swiss Regular Hangul 15 x 43 40 % Malgun Gothic Swiss Regular Western 15 x 43 40 % Mangal Roman Regular Western 19 x 54 40 % Marlett Special Regular Symbol 31 x 32 50 % Matura MT Script Capitals Script Regular Western 14 x 43 40 % Meiryo UI Swiss Regular Baltic 17 x 41 40 % Meiryo UI Swiss Regular Central European 17 x 41 40 % Meiryo UI Swiss Regular Cyrillic 17 x 41 40 % Meiryo UI Swiss Regular Greek 17 x 41 40 % Meiryo UI Swiss Regular Japanese 17 x 41 40 % Meiryo UI Swiss Regular Turkish 17 x 41 40 % Meiryo UI Swiss Regular Western 17 x 41 40 % Meiryo Swiss Regular Baltic 31 x 48 40 % Meiryo Swiss Regular Central European 31 x 48 40 % Meiryo Swiss Regular Cyrillic 31 x 48 40 % Meiryo Swiss Regular Greek 31 x 48 40 % Meiryo Swiss Regular Japanese 31 x 48 40 % Meiryo Swiss Regular Turkish 31 x 48 40 % Meiryo Swiss Regular Western 31 x 48 40 % Microsoft Himalaya Special Regular Western 13 x 32 40 % Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % Microsoft JhengHei Swiss Regular Western 15 x 43 40 % Microsoft New Tai Lue Swiss Regular Western 19 x 42 40 % Microsoft PhagsPa Swiss Regular Western 24 x 41 40 % Microsoft Sans Serif Swiss Regular Arabic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Baltic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Central European 14 x 36 40 % Microsoft Sans Serif Swiss Regular Cyrillic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Greek 14 x 36 40 % Microsoft Sans Serif Swiss Regular Hebrew 14 x 36 40 % Microsoft Sans Serif Swiss Regular Thai 14 x 36 40 % Microsoft Sans Serif Swiss Regular Turkish 14 x 36 40 % Microsoft Sans Serif Swiss Regular Vietnamese 14 x 36 40 % Microsoft Sans Serif Swiss Regular Western 14 x 36 40 % Microsoft Tai Le Swiss Regular Western 19 x 41 40 % Microsoft Uighur Special Regular Arabic 13 x 32 40 % Microsoft Uighur Special Regular Western 13 x 32 40 % Microsoft YaHei Swiss Regular Central European 15 x 42 40 % Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % Microsoft YaHei Swiss Regular Cyrillic 15 x 42 40 % Microsoft YaHei Swiss Regular Greek 15 x 42 40 % Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % Microsoft YaHei Swiss Regular Western 15 x 42 40 % Microsoft Yi Baiti Script Regular Western 21 x 32 40 % MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU_HKSCS Roman Regular Western 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 % MingLiU Modern Regular Western 16 x 32 40 % MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU-ExtB Roman Regular Western 16 x 32 40 % Miriam Fixed Modern Regular Hebrew 19 x 32 40 % Miriam Swiss Regular Hebrew 13 x 32 40 % Mistral Script Regular Baltic 10 x 39 40 % Mistral Script Regular Central European 10 x 39 40 % Mistral Script Regular Cyrillic 10 x 39 40 % Mistral Script Regular Greek 10 x 39 40 % Mistral Script Regular Turkish 10 x 39 40 % Mistral Script Regular Western 10 x 39 40 % Modern No. 20 Roman Regular Western 13 x 33 40 % Modern Modern OEM/DOS 19 x 37 40 % Mongolian Baiti Script Regular Western 14 x 34 40 % Monotype Corsiva Script Regular Baltic 11 x 35 40 % Monotype Corsiva Script Regular Central European 11 x 35 40 % Monotype Corsiva Script Regular Cyrillic 11 x 35 40 % Monotype Corsiva Script Regular Greek 11 x 35 40 % Monotype Corsiva Script Regular Turkish 11 x 35 40 % Monotype Corsiva Script Regular Western 11 x 35 40 % MoolBoran Swiss Regular Western 13 x 43 40 % MS Gothic Modern Regular Baltic 16 x 32 40 % MS Gothic Modern Regular Central European 16 x 32 40 % MS Gothic Modern Regular Cyrillic 16 x 32 40 % MS Gothic Modern Regular Greek 16 x 32 40 % MS Gothic Modern Regular Japanese 16 x 32 40 % MS Gothic Modern Regular Turkish 16 x 32 40 % MS Gothic Modern Regular Western 16 x 32 40 % MS Mincho Modern Regular Baltic 16 x 32 40 % MS Mincho Modern Regular Central European 16 x 32 40 % MS Mincho Modern Regular Cyrillic 16 x 32 40 % MS Mincho Modern Regular Greek 16 x 32 40 % MS Mincho Modern Regular Japanese 16 x 32 40 % MS Mincho Modern Regular Turkish 16 x 32 40 % MS Mincho Modern Regular Western 16 x 32 40 % MS Outlook Special Regular Symbol 31 x 33 40 % MS PGothic Swiss Regular Baltic 13 x 32 40 % MS PGothic Swiss Regular Central European 13 x 32 40 % MS PGothic Swiss Regular Cyrillic 13 x 32 40 % MS PGothic Swiss Regular Greek 13 x 32 40 % MS PGothic Swiss Regular Japanese 13 x 32 40 % MS PGothic Swiss Regular Turkish 13 x 32 40 % MS PGothic Swiss Regular Western 13 x 32 40 % MS PMincho Roman Regular Baltic 13 x 32 40 % MS PMincho Roman Regular Central European 13 x 32 40 % MS PMincho Roman Regular Cyrillic 13 x 32 40 % MS PMincho Roman Regular Greek 13 x 32 40 % MS PMincho Roman Regular Japanese 13 x 32 40 % MS PMincho Roman Regular Turkish 13 x 32 40 % MS PMincho Roman Regular Western 13 x 32 40 % MS Reference Sans Serif Swiss Regular Baltic 16 x 39 40 % MS Reference Sans Serif Swiss Regular Central European 16 x 39 40 % MS Reference Sans Serif Swiss Regular Cyrillic 16 x 39 40 % MS Reference Sans Serif Swiss Regular Greek 16 x 39 40 % MS Reference Sans Serif Swiss Regular Turkish 16 x 39 40 % MS Reference Sans Serif Swiss Regular Vietnamese 16 x 39 40 % MS Reference Sans Serif Swiss Regular Western 16 x 39 40 % MS Reference Specialty Special Regular Symbol 23 x 39 40 % MS Sans Serif Swiss Western 5 x 13 40 % MS Serif Roman Western 5 x 13 40 % MS UI Gothic Swiss Regular Baltic 13 x 32 40 % MS UI Gothic Swiss Regular Central European 13 x 32 40 % MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 % MS UI Gothic Swiss Regular Greek 13 x 32 40 % MS UI Gothic Swiss Regular Japanese 13 x 32 40 % MS UI Gothic Swiss Regular Turkish 13 x 32 40 % MS UI Gothic Swiss Regular Western 13 x 32 40 % MT Extra Roman Regular Symbol 20 x 32 40 % MV Boli Special Regular Western 18 x 52 40 % Narkisim Swiss Regular Hebrew 12 x 32 40 % Niagara Engraved Decorative Regular Western 8 x 34 40 % Niagara Solid Decorative Regular Western 8 x 34 40 % NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % NSimSun Modern Regular Western 16 x 32 40 % Nyala Special Regular Baltic 18 x 33 40 % Nyala Special Regular Central European 18 x 33 40 % Nyala Special Regular Turkish 18 x 33 40 % Nyala Special Regular Western 18 x 33 40 % OCR A Extended Modern Regular Western 19 x 33 40 % Old English Text MT Script Regular Western 12 x 39 40 % Onyx Decorative Regular Western 8 x 37 40 % Palace Script MT Script Regular Western 7 x 30 40 % Palatino Linotype Roman Regular Baltic 14 x 43 40 % Palatino Linotype Roman Regular Central European 14 x 43 40 % Palatino Linotype Roman Regular Cyrillic 14 x 43 40 % Palatino Linotype Roman Regular Greek 14 x 43 40 % Palatino Linotype Roman Regular Turkish 14 x 43 40 % Palatino Linotype Roman Regular Vietnamese 14 x 43 40 % Palatino Linotype Roman Regular Western 14 x 43 40 % Papyrus Script Regular Western 13 x 50 40 % Parchment Script Regular Western 6 x 34 40 % Perpetua Titling MT Roman Bold Western 21 x 39 70 % Perpetua Roman Bold Italic Western 12 x 37 70 % Plantagenet Cherokee Roman Regular Western 14 x 41 40 % Playbill Decorative Regular Western 8 x 32 40 % PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 % PMingLiU Roman Regular Western 16 x 32 40 % PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % PMingLiU-ExtB Roman Regular Western 16 x 32 40 % Poor Richard Roman Regular Western 12 x 36 40 % Pristina Script Regular Western 10 x 42 40 % Raavi Swiss Regular Western 13 x 53 40 % Rage Italic Script Regular Western 11 x 40 40 % Ravie Decorative Regular Western 22 x 43 40 % Rockwell Condensed Roman Bold Western 13 x 38 70 % Rockwell Extra Bold Roman Regular Western 19 x 38 80 % Rockwell Roman Regular Western 15 x 38 40 % Rod Modern Regular Hebrew 19 x 31 40 % Roman Roman OEM/DOS 22 x 37 40 % Sakkal Majalla Special Regular Arabic 16 x 45 40 % Sakkal Majalla Special Regular Baltic 16 x 45 40 % Sakkal Majalla Special Regular Central European 16 x 45 40 % Sakkal Majalla Special Regular Turkish 16 x 45 40 % Sakkal Majalla Special Regular Western 16 x 45 40 % Script MT Bold Script Regular Western 13 x 39 70 % Script Script OEM/DOS 16 x 36 40 % Segoe Print Special Regular Baltic 21 x 56 40 % Segoe Print Special Regular Central European 21 x 56 40 % Segoe Print Special Regular Cyrillic 21 x 56 40 % Segoe Print Special Regular Greek 21 x 56 40 % Segoe Print Special Regular Turkish 21 x 56 40 % Segoe Print Special Regular Western 21 x 56 40 % Segoe Script Swiss Regular Baltic 22 x 51 40 % Segoe Script Swiss Regular Central European 22 x 51 40 % Segoe Script Swiss Regular Cyrillic 22 x 51 40 % Segoe Script Swiss Regular Greek 22 x 51 40 % Segoe Script Swiss Regular Turkish 22 x 51 40 % Segoe Script Swiss Regular Western 22 x 51 40 % Segoe UI Light Swiss Regular Baltic 17 x 43 30 % Segoe UI Light Swiss Regular Central European 17 x 43 30 % Segoe UI Light Swiss Regular Cyrillic 17 x 43 30 % Segoe UI Light Swiss Regular Greek 17 x 43 30 % Segoe UI Light Swiss Regular Turkish 17 x 43 30 % Segoe UI Light Swiss Regular Vietnamese 17 x 43 30 % Segoe UI Light Swiss Regular Western 17 x 43 30 % Segoe UI Semibold Swiss Regular Baltic 18 x 43 60 % Segoe UI Semibold Swiss Regular Central European 18 x 43 60 % Segoe UI Semibold Swiss Regular Cyrillic 18 x 43 60 % Segoe UI Semibold Swiss Regular Greek 18 x 43 60 % Segoe UI Semibold Swiss Regular Turkish 18 x 43 60 % Segoe UI Semibold Swiss Regular Vietnamese 18 x 43 60 % Segoe UI Semibold Swiss Regular Western 18 x 43 60 % Segoe UI Symbol Swiss Regular Western 23 x 43 40 % Segoe UI Swiss Regular Arabic 17 x 43 40 % Segoe UI Swiss Regular Baltic 17 x 43 40 % Segoe UI Swiss Regular Central European 17 x 43 40 % Segoe UI Swiss Regular Cyrillic 17 x 43 40 % Segoe UI Swiss Regular Greek 17 x 43 40 % Segoe UI Swiss Regular Turkish 17 x 43 40 % Segoe UI Swiss Regular Vietnamese 17 x 43 40 % Segoe UI Swiss Regular Western 17 x 43 40 % Shonar Bangla Swiss Regular Western 16 x 41 40 % Showcard Gothic Decorative Regular Western 18 x 40 40 % Shruti Swiss Regular Western 14 x 54 40 % SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % SimHei Modern Regular Western 16 x 32 40 % Simplified Arabic Fixed Modern Regular Arabic 19 x 35 40 % Simplified Arabic Fixed Modern Regular Western 19 x 35 40 % Simplified Arabic Roman Regular Arabic 13 x 53 40 % Simplified Arabic Roman Regular Western 13 x 53 40 % SimSun Special Regular CHINESE_GB2312 16 x 32 40 % SimSun Special Regular Western 16 x 32 40 % SimSun-ExtB Modern Regular CHINESE_GB2312 16 x 32 40 % SimSun-ExtB Modern Regular Western 16 x 32 40 % Small Fonts Swiss Western 1 x 3 40 % Snap ITC Decorative Regular Western 19 x 41 40 % Stencil Decorative Regular Western 18 x 38 40 % Sylfaen Roman Regular Baltic 13 x 42 40 % Sylfaen Roman Regular Central European 13 x 42 40 % Sylfaen Roman Regular Cyrillic 13 x 42 40 % Sylfaen Roman Regular Greek 13 x 42 40 % Sylfaen Roman Regular Turkish 13 x 42 40 % Sylfaen Roman Regular Western 13 x 42 40 % Symbol Roman Regular Symbol 19 x 39 40 % System Swiss Western 7 x 16 70 % Tahoma Swiss Regular Arabic 14 x 39 40 % Tahoma Swiss Regular Baltic 14 x 39 40 % Tahoma Swiss Regular Central European 14 x 39 40 % Tahoma Swiss Regular Cyrillic 14 x 39 40 % Tahoma Swiss Regular Greek 14 x 39 40 % Tahoma Swiss Regular Hebrew 14 x 39 40 % Tahoma Swiss Regular Thai 14 x 39 40 % Tahoma Swiss Regular Turkish 14 x 39 40 % Tahoma Swiss Regular Vietnamese 14 x 39 40 % Tahoma Swiss Regular Western 14 x 39 40 % Tempus Sans ITC Decorative Regular Western 13 x 42 40 % Terminal Modern OEM/DOS 8 x 12 40 % Times New Roman Roman Regular Arabic 13 x 35 40 % Times New Roman Roman Regular Baltic 13 x 35 40 % Times New Roman Roman Regular Central European 13 x 35 40 % Times New Roman Roman Regular Cyrillic 13 x 35 40 % Times New Roman Roman Regular Greek 13 x 35 40 % Times New Roman Roman Regular Hebrew 13 x 35 40 % Times New Roman Roman Regular Turkish 13 x 35 40 % Times New Roman Roman Regular Vietnamese 13 x 35 40 % Times New Roman Roman Regular Western 13 x 35 40 % Traditional Arabic Roman Regular Arabic 15 x 48 40 % Traditional Arabic Roman Regular Western 15 x 48 40 % Trebuchet MS Swiss Regular Baltic 15 x 37 40 % Trebuchet MS Swiss Regular Central European 15 x 37 40 % Trebuchet MS Swiss Regular Cyrillic 15 x 37 40 % Trebuchet MS Swiss Regular Greek 15 x 37 40 % Trebuchet MS Swiss Regular Turkish 15 x 37 40 % Trebuchet MS Swiss Regular Western 15 x 37 40 % Tunga Swiss Regular Western 18 x 53 40 % Tw Cen MT Condensed Extra Bold Swiss Regular Central European 12 x 35 40 % Tw Cen MT Condensed Extra Bold Swiss Regular Western 12 x 35 40 % Tw Cen MT Condensed Swiss Regular Central European 10 x 34 40 % Tw Cen MT Condensed Swiss Regular Western 10 x 34 40 % Tw Cen MT Swiss Bold Italic Central European 12 x 35 70 % Tw Cen MT Swiss Bold Italic Western 12 x 35 70 % Utsaah Swiss Regular Western 13 x 36 40 % Vani Swiss Regular Western 23 x 54 40 % Verdana Swiss Regular Baltic 16 x 39 40 % Verdana Swiss Regular Central European 16 x 39 40 % Verdana Swiss Regular Cyrillic 16 x 39 40 % Verdana Swiss Regular Greek 16 x 39 40 % Verdana Swiss Regular Turkish 16 x 39 40 % Verdana Swiss Regular Vietnamese 16 x 39 40 % Verdana Swiss Regular Western 16 x 39 40 % Vijaya Swiss Regular Western 19 x 32 40 % Viner Hand ITC Script Regular Western 15 x 52 40 % Vivaldi Script Italic Western 9 x 38 40 % Vladimir Script Script Regular Western 10 x 39 40 % Vrinda Swiss Regular Western 20 x 44 40 % Webdings Roman Regular Symbol 31 x 32 40 % wgl4_boot Swiss Regular Central European 13 x 32 40 % wgl4_boot Swiss Regular Cyrillic 13 x 32 40 % wgl4_boot Swiss Regular Greek 13 x 32 40 % wgl4_boot Swiss Regular Turkish 13 x 32 40 % wgl4_boot Swiss Regular Western 13 x 32 40 % Wide Latin Roman Regular Western 26 x 39 40 % Wingdings 2 Roman Regular Symbol 27 x 34 40 % Wingdings 3 Roman Regular Symbol 25 x 36 40 % Wingdings Special Regular Symbol 28 x 36 40 % --------[ Windows Audio ]----------------------------------------------------------------------------------------------- midi-out.0 0001 001B Microsoft GS Wavetable Synth mixer.0 0001 0068 Speakers (Realtek High Definiti mixer.1 0001 0068 Microphone (Realtek High Defini wave-in.0 0001 0065 Microphone (Realtek High Defini wave-out.0 0001 0064 Speakers (Realtek High Definiti --------[ PCI / PnP Audio ]--------------------------------------------------------------------------------------------- Intel Cougar Point HDMI @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] PCI Realtek ALC269 @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] PCI --------[ HD Audio ]---------------------------------------------------------------------------------------------------- [ Intel Cougar Point PCH - High Definition Audio Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-2] Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 0 / 27 / 0 Device ID 8086-1C20 Subsystem ID 1025-0506 Revision 04 Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_05061025&REV_04 Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Realtek ALC269 ] Device Properties: Device Description Realtek ALC269 Device Description (Windows) Realtek High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10EC-0269 Subsystem ID 1025-0506 Revision 1001 Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250506&REV_1001 Device Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ Intel Cougar Point HDMI ] Device Properties: Device Description Intel Cougar Point HDMI Device Description (Windows) Intel(R) Display Audio Device Type Audio Bus Type HDAUDIO Device ID 8086-2805 Subsystem ID 8086-0101 Revision 1000 Hardware ID HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000 Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets Driver Update http://www.aida64.com/driver-updates --------[ Audio Codecs ]------------------------------------------------------------------------------------------------ [ Fraunhofer IIS MPEG Layer-3 Codec (professional) ] ACM Driver Properties: Driver Description Fraunhofer IIS MPEG Layer-3 Codec (professional) Copyright Notice Copyright (C) 1996-2004 Fraunhofer IIS Driver Features all bitrates, mono and stereo codec (professional) Driver Version 3.04 [ Messenger Audio Codec ] ACM Driver Properties: Driver Description Messenger Audio Codec Copyright Notice Copyright (C) 1997 - 2006 Microsoft Corporation License Information ___ Driver Features Messenger Audio Codec Driver Version 4.00 [ Microsoft ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses Microsoft ADPCM audio data. Driver Version 4.00 [ Microsoft CCITT G.711 A-Law and u-Law CODEC ] ACM Driver Properties: Driver Description Microsoft CCITT G.711 A-Law and u-Law CODEC Copyright Notice Copyright (c) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses CCITT G.711 A-Law and u-Law audio data. Driver Version 4.00 [ Microsoft GSM 6.10 Audio CODEC ] ACM Driver Properties: Driver Description Microsoft GSM 6.10 Audio CODEC Copyright Notice Copyright (C) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10. Driver Version 4.00 [ Microsoft IMA ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft IMA ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses IMA ADPCM audio data. Driver Version 4.00 [ Microsoft PCM Converter ] ACM Driver Properties: Driver Description Microsoft PCM Converter Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Converts frequency and bits per sample of PCM audio data. Driver Version 5.00 --------[ Video Codecs ]------------------------------------------------------------------------------------------------ iccvid.dll 1.10.0.11 Cinepak® Codec iyuv_32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Intel Indeo(R) Video YUV Codec msrle32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft RLE Compressor msvidc32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Video 1 Compressor msyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft UYVY Video Decompressor tsbyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Toshiba Video Codec --------[ MCI ]--------------------------------------------------------------------------------------------------------- [ AVIVideo ] MCI Device Properties: Device AVIVideo Name Video for Windows Description Video For Windows MCI driver Type Digital Video Device Driver mciavi32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse Yes Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ CDAudio ] MCI Device Properties: Device CDAudio Name CD Audio Description MCI driver for cdaudio devices Type CD Audio Device Driver mcicda.dll Status Enabled MCI Device Features: Compound Device No File Based Device No Can Eject Yes Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ MPEGVideo ] MCI Device Properties: Device MPEGVideo Name DirectShow Description DirectShow MCI Driver Type Digital Video Device Driver mciqtz32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse No Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ Sequencer ] MCI Device Properties: Device Sequencer Name MIDI Sequencer Description MCI driver for MIDI sequencer Type Sequencer Device Driver mciseq.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ WaveAudio ] MCI Device Properties: Device WaveAudio Name Sound Description MCI driver for waveform audio Type Waveform Audio Device Driver mciwave.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record Yes Can Save Data Yes Audio Capable Yes Video Capable No --------[ SAPI ]-------------------------------------------------------------------------------------------------------- SAPI Properties: SAPI4 Version - SAPI5 Version 5.3.13120.0 Voice (SAPI5): Name Microsoft Anna - English (United States) Description Microsoft Anna - English (United States) Voice Name M1033DSK Voice Path C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk Age Adult Gender Female Language English (United States) Vendor Microsoft Version 2.0 DLL File C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll (x86) CLSID {F51C7B23-6566-424C-94CF-2C4F83EE96FF} Frontend {55DFB4F7-4175-4B3B-B247-D9B399ADB119} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - UK) Description Microsoft Speech Recognizer 8.0 for Windows (English - UK) FE Config Data File C:\Windows\Speech\Engines\SR\en-GB\c2057dsk.fe Language English (United Kingdom) Speaking Style Discrete;Continuous Supported Locales English (United Kingdom); English (Australia); English (New Zealand); English (Ireland); English (South Africa); English (Jamaica); English (Caribbean); English (Belize); English (Trinidad and Tobago); English (Zimbabwe); English (India); English (Malaysia); English (Singapore); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - US) Description Microsoft Speech Recognizer 8.0 for Windows (English - US) FE Config Data File C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe Language English (United States); English Speaking Style Discrete;Continuous Supported Locales English (United States); English (Canada); English (Republic of the Philippines); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} --------[ Windows Storage ]--------------------------------------------------------------------------------------------- [ Hitachi HTS545050A7E380 ATA Device ] Device Properties: Driver Description Hitachi HTS545050A7E380 ATA Device Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Disk Device Physical Info: Manufacturer Hitachi Hard Disk Family Travelstar Z5K500 Form Factor 2.5" Formatted Capacity 500 GB Disks 1 Recording Surfaces 2 Physical Dimensions 100 x 70 x 7 mm Max. Weight 95 g Average Rotational Latency 5.5 ms Rotational Speed 5400 RPM Max. Internal Data Rate 1087 Mbit/s Average Seek 13 ms Track-To-Track Seek 1 ms Full Seek 25 ms Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 8 MB Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com [ MATSHITA DVD-RAM UJ8A0AS ATA Device ] Device Properties: Driver Description MATSHITA DVD-RAM UJ8A0AS ATA Device Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Device Manufacturer: Company Name Matsushita Electric Industrial Co., Ltd. Product Information http://www.panasonic.com/industrial/optical-drives Firmware Download http://www.panasonic.com/industrial/optical-drives [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf [ Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Driver Date 28/9/2010 Driver Version 9.2.0.1014 Driver Provider Intel INF File oem9.inf Device Resources: IRQ 19 Port 3060-306F Port 3070-307F Port 30A0-30A7 Port 30A8-30AF Port 30C0-30C3 Port 30C4-30C7 [ Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Driver Date 28/9/2010 Driver Version 9.2.0.1014 Driver Provider Intel INF File oem9.inf Device Resources: IRQ 19 Port 3080-308F Port 3090-309F Port 30B0-30B7 Port 30B8-30BF Port 30C8-30CB Port 30CC-30CF [ Broadcom Memory Stick ] Device Properties: Driver Description Broadcom Memory Stick Driver Date 10/12/2010 Driver Version 1.0.0.221 Driver Provider Broadcom Corporation INF File oem29.inf Device Resources: IRQ 16 Memory F3830000-F383FFFF --------[ Logical Drives ]---------------------------------------------------------------------------------------------- C: (ACER) Local Disk NTFS 228177 MB 32828 MB 195349 MB 86 % 3005-403E D: (DATA) Local Disk NTFS 228179 MB 55016 MB 173163 MB 76 % C0B0-2D93 E: (NGH15.0-SRD) Optical Drive CDFS 323 MB 323 MB 0 MB 0 % 5A3E-55D2 --------[ Physical Drives ]--------------------------------------------------------------------------------------------- [ Drive #1 - Hitachi HTS545050A7E380 (465 GB) ] #1 Unknown (Code: $27) 1 MB 20480 MB #2 (Active) NTFS 20481 MB 100 MB #3 NTFS C: (ACER) 20581 MB 228178 MB #4 NTFS D: (DATA) 248759 MB 228180 MB --------[ Optical Drives ]---------------------------------------------------------------------------------------------- [ E:\ MATSHITA DVD-RAM UJ8A0AS ATA Device ] Optical Drive Properties: Device Description MATSHITA DVD-RAM UJ8A0AS ATA Device Serial Number YN16 008104 Firmware Revision 1.00 Buffer Size 1 MB Region Code None Remaining User Changes 5 Remaining Vendor Changes 4 Supported Disk Types: BD-ROM Not Supported BD-R Not Supported BD-RE Not Supported HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read + Write DVD+RW9 Dual Layer Not Supported DVD+R Read + Write DVD+RW Read + Write DVD-R9 Dual Layer Read + Write DVD-RW9 Dual Layer Not Supported DVD-R Read + Write DVD-RW Read + Write DVD-RAM Read + Write CD-ROM Read CD-R Read + Write CD-RW Read + Write Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Supported C2 Error Pointers Supported CD+G Not Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Supported CPRM Supported CSS Supported LabelFlash Not Supported Layer-Jump Recording Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Supported VCPS Not Supported --------[ ATA ]--------------------------------------------------------------------------------------------------------- [ Hitachi HTS545050A7E380 (TEK51A39HZDRDP) ] ATA Device Properties: Model ID Hitachi HTS545050A7E380 Serial Number TEK51A39HZDRDP Revision GG2OA920 World Wide Name 5-000CCA-71EDBEA65 Device Type SATA-II Parameters 969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector LBA Sectors 976773168 Buffer 8 MB (Dual Ported, Read Ahead) Multiple Sectors 16 ECC Bytes 4 Max. PIO Transfer Mode PIO 4 Max. MWDMA Transfer Mode MWDMA 2 Active MWDMA Transfer Mode MWDMA 2 Max. UDMA Transfer Mode UDMA 6 Unformatted Capacity 476940 MB ATA Standard ATA8-ACS ATA Device Features: 48-bit LBA Supported Advanced Power Management Supported, Enabled Automatic Acoustic Management Not Supported Device Configuration Overlay Supported DMA Setup Auto-Activate Supported, Disabled General Purpose Logging Supported Host Protected Area Supported, Enabled In-Order Data Delivery Supported, Disabled Native Command Queuing Supported Phy Event Counters Supported Power Management Supported, Enabled Power-Up In Standby Supported, Disabled Read Look-Ahead Supported, Enabled Release Interrupt Not Supported Security Mode Supported, Disabled SMART Supported, Enabled SMART Error Logging Supported SMART Self-Test Supported Software Settings Preservation Supported, Enabled Streaming Not Supported Tagged Command Queuing Not Supported Write Cache Supported, Enabled SSD Features: Data Set Management Not Supported Deterministic Read After TRIM Not Supported TRIM Command Not Supported ATA Device Physical Info: Manufacturer Hitachi Hard Disk Family Travelstar Z5K500 Form Factor 2.5" Formatted Capacity 500 GB Disks 1 Recording Surfaces 2 Physical Dimensions 100 x 70 x 7 mm Max. Weight 95 g Average Rotational Latency 5.5 ms Rotational Speed 5400 RPM Max. Internal Data Rate 1087 Mbit/s Average Seek 13 ms Track-To-Track Seek 1 ms Full Seek 25 ms Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 8 MB ATA Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com Driver Update http://www.aida64.com/driver-updates --------[ SMART ]------------------------------------------------------------------------------------------------------- [ Hitachi HTS545050A7E380 (TEK51A39HZDRDP) ] 01 Raw Read Error Rate 62 100 100 0 OK: Value is normal 02 Throughput Performance 40 100 100 0 OK: Value is normal 03 Spinup Time 33 245 245 1 OK: Value is normal 04 Start/Stop Count 0 100 100 98 OK: Always passes 05 Reallocated Sector Count 5 100 100 0 OK: Value is normal 07 Seek Error Rate 67 100 100 0 OK: Value is normal 08 Seek Time Performance 40 100 100 0 OK: Value is normal 09 Power-On Time Count 0 100 100 14 OK: Always passes 0A Spinup Retry Count 60 100 100 0 OK: Value is normal 0C Power Cycle Count 0 100 100 13 OK: Always passes BF Mechanical Shock 0 100 100 0 OK: Always passes C0 Power-Off Retract Count 0 100 100 3 OK: Always passes C1 Load/Unload Cycle Count 0 100 100 199 OK: Always passes C2 Temperature 0 166 166 46, 21, 36 OK: Always passes C4 Reallocation Event Count 0 100 100 0 OK: Always passes C5 Current Pending Sector Count 0 100 100 0 OK: Always passes C6 Offline Uncorrectable Sector Count 0 100 100 0 OK: Always passes C7 Ultra ATA CRC Error Rate 0 200 200 0 OK: Always passes DF Load/Unload Retry Count 0 100 100 0 OK: Always passes --------[ Windows Network ]--------------------------------------------------------------------------------------------- [ Atheros AR5B97 Wireless Network Adapter ] Network Adapter Properties: Network Adapter Atheros AR5B97 Wireless Network Adapter Interface Type 802.11 Wireless Ethernet Hardware Address E4-D5-3D-23-81-71 Connection Name Wireless Network Connection MTU 1500 bytes Bytes Received 0 Bytes Sent 0 Network Adapter Addresses: DNS 8.8.8.8 DNS 8.8.4.4 Network Adapter Manufacturer: Company Name Atheros Communications, Inc. Product Information http://www.atheros.com/networking Driver Download http://www.atheros.com Driver Update http://www.aida64.com/driver-updates [ Broadcom NetLink (TM) Gigabit Ethernet ] Network Adapter Properties: Network Adapter Broadcom NetLink (TM) Gigabit Ethernet Interface Type Gigabit Ethernet Hardware Address 20-6A-8A-64-B2-40 Connection Name Local Area Connection Connection Speed 1000 Mbps MTU 1500 bytes DHCP Lease Obtained 30/11/2012 3:21:07 PM DHCP Lease Expires 1/12/2012 3:21:07 PM Bytes Received 641817 (626.8 KB) Bytes Sent 394644 (385.4 KB) Network Adapter Addresses: IP / Subnet Mask 192.168.1.81 / 255.255.255.0 Gateway 192.168.1.254 DHCP 192.168.1.254 DNS 8.8.8.8 DNS 8.8.4.4 Network Adapter Manufacturer: Company Name Broadcom Corporation Product Information http://www.broadcom.com/products Driver Download http://www.broadcom.com/support/ethernet_nic Driver Update http://www.aida64.com/driver-updates --------[ PCI / PnP Network ]------------------------------------------------------------------------------------------- Atheros AR9287 Wireless Network Adapter PCI Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller PCI --------[ IAM ]--------------------------------------------------------------------------------------------------------- [ Microsoft Communities ] Account Properties: Account Name Microsoft Communities Account ID account{0037F694-7D3C-4C51-A450-5BAB1166F2DD}.oeaccount Account Type News (Default) Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) NNTP Server msnews.microsoft.com Account Features: NNTP Prompt For Password No NNTP Secure Authentication No NNTP Secure Connection No NNTP Use Group Descriptions No NNTP Post Using Plain Text Format No NNTP Post Using HTML Format No [ Active Directory ] Account Properties: Account Name Active Directory Account ID account{92EE2977-AFBF-4AA6-8F16-57A72335B49E}.oeaccount Account Type LDAP Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server NULL:3268 LDAP User Name NULL LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required Yes LDAP Secure Authentication Yes LDAP Secure Connection No LDAP Simple Search Filter No [ VeriSign Internet Directory Service ] Account Properties: Account Name VeriSign Internet Directory Service Account ID account{4911CF2F-D6BB-421D-82BD-82315FFEC566}.oeaccount Account Type LDAP (Default) Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server directory.verisign.com LDAP URL http://www.verisign.com LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required No LDAP Secure Authentication No LDAP Secure Connection No LDAP Simple Search Filter Yes --------[ Internet ]---------------------------------------------------------------------------------------------------- Internet Settings: Start Page http://www.google.com.tw/ Search Page http://go.microsoft.com/fwlink/?LinkId=54896 Local Page C:\Windows\system32\blank.htm Download Folder Current Proxy: Proxy Status Disabled LAN Proxy: Proxy Status Disabled --------[ Routes ]------------------------------------------------------------------------------------------------------ Active 0.0.0.0 0.0.0.0 192.168.1.254 10 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) Active 127.0.0.0 255.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 127.0.0.1 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 192.168.1.0 255.255.255.0 192.168.1.81 266 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) Active 192.168.1.81 255.255.255.255 192.168.1.81 266 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) Active 192.168.1.255 255.255.255.255 192.168.1.81 266 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) Active 224.0.0.0 240.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 224.0.0.0 240.0.0.0 192.168.1.81 266 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 255.255.255.255 255.255.255.255 192.168.1.81 266 192.168.1.81 (Broadcom NetLink (TM) Gigabit Ethernet) --------[ IE Cookie ]--------------------------------------------------------------------------------------------------- 2012-11-29 20:51:40 user@ero-advertising.com/ 2012-11-29 20:51:41 user@realnetworkssharedse.tt.omtrdc.net/m2/realnetworkssharedse 2012-11-29 20:51:42 user@ad.yieldmanager.com/ 2012-11-29 20:51:42 user@yahoo.com/ 2012-11-29 20:51:44 user@adnxs.com/ 2012-11-29 20:51:44 user@p-real.com/ 2012-11-29 21:31:09 user@moovielive.com/ 2012-11-29 21:32:56 user@gocyberlink.com/ 2012-11-29 21:35:33 user@winamp.com/ 2012-11-29 21:35:34 user@aol.com/ 2012-11-30 10:53:02 user@nero.com/ 2012-11-30 12:25:05 user@real.com/ --------[ Browser History ]--------------------------------------------------------------------------------------------- 2012-11-30 11:57:07 user@file:///C:/Users/user/AppData/Roaming/Microsoft/Templates/Normal.dotm --------[ DirectX Files ]----------------------------------------------------------------------------------------------- amstream.dll 6.06.7601.17514 Final Retail English 70656 21/11/2010 11:24:00 AM bdaplgin.ax 6.01.7600.16385 Final Retail English 74240 14/7/2009 9:14:10 AM d3d8.dll 6.01.7600.16385 Final Retail English 1036800 14/7/2009 9:15:08 AM d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 14/7/2009 9:15:08 AM d3d9.dll 6.01.7601.17514 Final Retail English 1828352 21/11/2010 11:24:23 AM d3dim.dll 6.01.7600.16385 Final Retail English 386048 14/7/2009 9:15:08 AM d3dim700.dll 6.01.7600.16385 Final Retail English 817664 14/7/2009 9:15:08 AM d3dramp.dll 6.01.7600.16385 Final Retail English 593920 14/7/2009 9:15:08 AM d3dxof.dll 6.01.7600.16385 Final Retail English 53760 14/7/2009 9:15:08 AM ddraw.dll 6.01.7600.16385 Final Retail English 531968 14/7/2009 9:15:10 AM ddrawex.dll 6.01.7600.16385 Final Retail English 30208 14/7/2009 9:15:10 AM devenum.dll 6.06.7600.16385 Final Retail English 66560 14/7/2009 9:15:10 AM dinput.dll 6.01.7600.16385 Final Retail English 136704 14/7/2009 9:15:11 AM dinput8.dll 6.01.7600.16385 Final Retail English 145408 14/7/2009 9:15:11 AM dmband.dll 6.01.7600.16385 Final Retail English 30720 14/7/2009 9:15:12 AM dmcompos.dll 6.01.7600.16385 Final Retail English 63488 14/7/2009 9:15:12 AM dmime.dll 6.01.7600.16385 Final Retail English 179712 14/7/2009 9:15:12 AM dmloader.dll 6.01.7600.16385 Final Retail English 38400 14/7/2009 9:15:12 AM dmscript.dll 6.01.7600.16385 Final Retail English 86016 14/7/2009 9:15:12 AM dmstyle.dll 6.01.7600.16385 Final Retail English 105984 14/7/2009 9:15:12 AM dmsynth.dll 6.01.7600.16385 Final Retail English 105472 14/7/2009 9:15:12 AM dmusic.dll 6.01.7600.16385 Final Retail English 101376 14/7/2009 9:15:12 AM dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 14/7/2009 9:14:18 AM dplayx.dll 6.01.7600.16385 Final Retail English 213504 14/7/2009 9:15:12 AM dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 14/7/2009 9:15:12 AM dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 21/11/2010 11:23:53 AM dpnet.dll 6.01.7600.16385 Final Retail English 376832 14/7/2009 9:15:12 AM dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 14/7/2009 9:15:12 AM dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 14/7/2009 9:15:12 AM dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 14/7/2009 9:04:52 AM dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 14/7/2009 9:14:18 AM dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 14/7/2009 9:15:12 AM dsdmo.dll 6.01.7600.16385 Final Retail English 173568 14/7/2009 9:15:13 AM dsound.dll 6.01.7600.16385 Final Retail English 453632 14/7/2009 9:15:13 AM dswave.dll 6.01.7600.16385 Final Retail English 20992 14/7/2009 9:15:13 AM dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 21/11/2010 11:24:22 AM dxmasf.dll 12.00.7601.17514 Final Retail English 4096 21/11/2010 11:25:10 AM encapi.dll 6.01.7600.16385 Final Retail English 20992 14/7/2009 9:15:14 AM gcdef.dll 6.01.7600.16385 Final Retail English 120832 14/7/2009 9:15:22 AM iac25_32.ax 2.00.0005.0053 Final Retail English 197632 14/7/2009 9:14:10 AM ir41_32.ax 4.51.0016.0003 Final Retail English 839680 14/7/2009 9:14:10 AM ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 14/7/2009 9:15:34 AM ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 14/7/2009 9:15:34 AM ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 14/7/2009 9:15:34 AM ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 14/7/2009 9:15:34 AM ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 14/7/2009 9:15:34 AM ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 14/7/2009 9:14:10 AM joy.cpl 6.01.7600.16385 Final Retail English 138240 14/7/2009 9:14:09 AM ksproxy.ax 6.01.7601.17514 Final Retail English 193536 21/11/2010 11:24:32 AM kstvtune.ax 6.01.7601.17514 Final Retail English 84480 21/11/2010 11:25:10 AM ksuser.dll 6.01.7600.16385 Final Retail English 4608 14/7/2009 9:15:35 AM kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 21/11/2010 11:24:15 AM ksxbar.ax 6.01.7601.17514 Final Retail English 48640 21/11/2010 11:25:10 AM mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 21/11/2010 11:24:00 AM mfc40.dll 4.01.0000.6151 Beta Retail English 954752 21/11/2010 11:24:00 AM mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 11/3/2011 1:33:59 PM mpeg2data.ax 6.06.7601.17514 Final Retail English 72704 21/11/2010 11:25:10 AM mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 23/12/2010 1:50:23 PM msdmo.dll 6.06.7601.17514 Final Retail English 30720 21/11/2010 11:24:02 AM msdvbnp.ax 6.06.7601.17514 Final Retail English 59904 21/11/2010 11:25:10 AM msvidctl.dll 6.05.7601.17514 Final Retail English 2291712 21/11/2010 11:25:10 AM msyuv.dll 6.01.7601.17514 Final Retail English 22528 21/11/2010 11:23:50 AM pid.dll 6.01.7600.16385 Final Retail English 36352 14/7/2009 9:16:12 AM psisdecd.dll 6.06.7600.16385 Final Retail English 465408 14/7/2009 9:16:12 AM psisrndr.ax 6.06.7601.17514 Final Retail English 75776 21/11/2010 11:25:10 AM qasf.dll 12.00.7601.17514 Final Retail English 206848 21/11/2010 11:24:01 AM qcap.dll 6.06.7601.17514 Final Retail English 190976 21/11/2010 11:24:08 AM qdv.dll 6.06.7601.17514 Final Retail English 283136 21/11/2010 11:24:09 AM qdvd.dll 6.06.7601.17514 Final Retail English 514560 21/11/2010 11:23:55 AM qedit.dll 6.06.7601.17514 Final Retail English 509440 21/11/2010 11:25:10 AM qedwipes.dll 6.06.7600.16385 Final Retail English 733184 14/7/2009 9:09:35 AM quartz.dll 6.06.7601.17514 Final Retail English 1328128 21/11/2010 11:23:56 AM vbisurf.ax 6.01.7601.17514 Final Retail English 33792 21/11/2010 11:25:10 AM vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 21/11/2010 11:24:09 AM wsock32.dll 6.01.7600.16385 Final Retail English 15360 14/7/2009 9:16:20 AM --------[ DirectX Video ]----------------------------------------------------------------------------------------------- [ Primary Display Driver ] DirectDraw Device Properties: DirectDraw Driver Name display DirectDraw Driver Description Primary Display Driver Hardware Driver igdumdx32.dll (8.15.10.2345) Hardware Description Intel(R) HD Graphics Family Direct3D Device Properties: Rendering Bit Depths 16, 32 Z-Buffer Bit Depths 16, 24, 32 Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x Min Texture Size 1 x 1 Max Texture Size 4096 x 4096 Unified Shader Version 4.1 DirectX Hardware Support DirectX v10.1 Direct3D Device Features: Additive Texture Blending Supported AGP Texturing Not Supported Anisotropic Filtering Supported Automatic Mipmap Generation Supported Bilinear Filtering Supported Compute Shader Supported Cubic Environment Mapping Supported Cubic Filtering Not Supported Decal-Alpha Texture Blending Supported Decal Texture Blending Supported DirectX Texture Compression Not Supported DirectX Volumetric Texture Compression Not Supported Dithering Supported Dot3 Texture Blending Supported Double-Precision Floating-Point Not Supported Driver Concurrent Creates Supported Driver Command Lists Not Supported Dynamic Textures Supported Edge Anti-Aliasing Not Supported Environmental Bump Mapping Supported Environmental Bump Mapping + Luminance Supported Factor Alpha Blending Supported Geometric Hidden-Surface Removal Not Supported Geometry Shader Supported Guard Band Supported Hardware Scene Rasterization Supported Hardware Transform & Lighting Not Supported Legacy Depth Bias Supported Mipmap LOD Bias Adjustments Supported Mipmapped Cube Textures Supported Mipmapped Volume Textures Supported Modulate-Alpha Texture Blending Supported Modulate Texture Blending Supported Non-Square Textures Supported N-Patches Not Supported Perspective Texture Correction Supported Point Sampling Supported Projective Textures Not Supported Quintic Bezier Curves & B-Splines Not Supported Range-Based Fog Not Supported Rectangular & Triangular Patches Not Supported Rendering In Windowed Mode Supported Scissor Test Supported Slope-Scale Based Depth Bias Supported Specular Flat Shading Supported Specular Gouraud Shading Supported Specular Phong Shading Not Supported Spherical Mapping Supported Stencil Buffers Supported Sub-Pixel Accuracy Supported Subtractive Texture Blending Supported Table Fog Supported Texture Alpha Blending Supported Texture Clamping Supported Texture Mirroring Supported Texture Transparency Supported Texture Wrapping Supported Triangle Culling Not Supported Trilinear Filtering Supported Two-Sided Stencil Test Supported Vertex Alpha Blending Supported Vertex Fog Supported Vertex Tweening Supported Volume Textures Supported W-Based Fog Supported W-Buffering Not Supported Z-Based Fog Supported Z-Bias Supported Z-Test Not Supported Supported FourCC Codes: AI44 Supported AYUV Supported I420 Supported IA44 Supported IMC1 Supported IMC2 Supported IMC3 Supported IMC4 Supported IYUV Supported NV11 Supported NV12 Supported P208 Supported UYVY Supported VYUY Supported YUY2 Supported YV12 Supported YVU9 Supported YVYU Supported Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ DirectX Sound ]----------------------------------------------------------------------------------------------- [ Primary Sound Driver ] DirectSound Device Properties: Device Description Primary Sound Driver Driver Module Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Speakers (Realtek High Definition Audio) ] DirectSound Device Properties: Device Description Speakers (Realtek High Definition Audio) Driver Module {0.0.0.00000000}.{9fb3c28a-ee43-480f-bbf0-d110ff63cd40} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported --------[ DirectX Input ]----------------------------------------------------------------------------------------------- [ Mouse ] DirectInput Device Properties: Device Description Mouse Device Type Unknown Device Subtype Unknown Axes 3 Buttons/Keys 5 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ Keyboard ] DirectInput Device Properties: Device Description Keyboard Device Type Unknown Device Subtype Unknown Buttons/Keys 128 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported --------[ Windows Devices ]--------------------------------------------------------------------------------------------- [ Devices ] Batteries: Microsoft AC Adapter 6.1.7600.16385 Microsoft ACPI-Compliant Control Method Battery 6.1.7600.16385 Microsoft Composite Battery 6.1.7600.16385 Computer: ACPI x64-based PC 6.1.7600.16385 Disk drives: Hitachi HTS545050A7E380 ATA Device 6.1.7600.16385 Display adapters: Intel(R) HD Graphics Family 8.15.10.2345 NVIDIA GeForce 610M 8.17.12.8590 DVD/CD-ROM drives: MATSHITA DVD-RAM UJ8A0AS ATA Device 6.1.7601.17514 IDE ATA/ATAPI controllers: ATA Channel 0 6.1.7601.17514 ATA Channel 0 6.1.7601.17514 ATA Channel 1 6.1.7601.17514 ATA Channel 1 6.1.7601.17514 Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C099.2.0.1014 Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C019.2.0.1014 Imaging devices: 1.3M HD WebCam 6.1.7601.17514 Keyboards: Standard PS/2 Keyboard 6.1.7601.17514 Mice and other pointing devices: Synaptics PS/2 Port TouchPad 15.1.18.0 Monitors: Generic PnP Monitor 6.1.7600.16385 Network adapters: Atheros AR5B97 Wireless Network Adapter 9.1.0.209 Broadcom NetLink (TM) Gigabit Ethernet 14.4.0.4 Microsoft ISATAP Adapter #2 6.1.7600.16385 Microsoft ISATAP Adapter #3 6.1.7600.16385 Microsoft ISATAP Adapter 6.1.7600.16385 Teredo Tunneling Pseudo-Interface 6.1.7600.16385 WAN Miniport (IKEv2) 6.1.7601.17514 WAN Miniport (IP) 6.1.7601.17514 WAN Miniport (IPv6) 6.1.7601.17514 WAN Miniport (L2TP) 6.1.7601.17514 WAN Miniport (Network Monitor) 6.1.7601.17514 WAN Miniport (PPPOE) 6.1.7601.17514 WAN Miniport (PPTP) 6.1.7601.17514 WAN Miniport (SSTP) 6.1.7601.17514 Non-Plug and Play Drivers: Ancillary Function Driver for Winsock Beep Bitlocker Drive Encryption Filter Driver CNG Common Log (CLFS) Dynamic Volume Manager Hardware Policy Driver HTTP Kernel Mode Driver Frameworks service KSecDD KSecPkg LDDM Graphics Subsystem Link-Layer Topology Discovery Mapper I/O Driver Link-Layer Topology Discovery Responder Mount Point Manager msahci msisadrv mwlPSDNServ mwlPSDVDisk NativeWiFi Filter NDIS System Driver NDIS Usermode I/O Protocol NDProxy NETBT NetIO Legacy TDI Support Driver NSI proxy service driver. ntk_PowerDVD Null nvpciflt pciide PEAUTH Performance Counters for Windows Driver Power Control [2012/11/29 21:28:12] QoS Packet Scheduler RDP Encoder Mirror Driver RDPCDD Reflector Display Driver used to gain access to graphics data Remote Access IPv6 ARP Driver Security Driver Security Processor Loader Driver Storage volumes System Attribute Cache TCP/IP Protocol Driver TCP/IP Registry Compatibility User Mode Driver Frameworks Platform Driver VgaSave Virtual WiFi Filter Driver WFP Lightweight Filter Windows Firewall Authorization Driver Processors: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz 6.1.7600.16385 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz 6.1.7600.16385 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz 6.1.7600.16385 Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz 6.1.7600.16385 SD host adapters: Broadcom SD Host Controller 1.0.0.218 Sound, video and game controllers: Intel(R) Display Audio 6.14.0.3074 Realtek High Definition Audio 6.0.1.6423 Storage controllers: Broadcom Memory Stick 1.0.0.221 Storage Volumes: Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 System devices: 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 01049.2.0.1011 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 01019.2.0.1011 ACPI Fixed Feature Button 6.1.7601.17514 ACPI Lid 6.1.7601.17514 ACPI Sleep Button 6.1.7601.17514 ACPI Thermal Zone 6.1.7601.17514 ACPI Thermal Zone 6.1.7601.17514 Atheros Bluetooth Bus 7.4.0.90 Broadcom xD Picture Bus Driver 1.0.0.43 Broadcom xD Picture Card Host Controller 1.0.0.43 Composite Bus Enumerator 6.1.7601.17514 Direct memory access controller 6.1.7601.17514 File as Volume Driver 6.1.7600.16385 High Definition Audio Controller 6.1.7601.17514 High precision event timer 6.1.7601.17514 Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C109.2.0.1016 Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C129.2.0.1016 Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C169.2.0.1016 Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C189.2.0.1016 Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C229.2.0.1011 Intel(R) 82802 Firmware Hub Device 6.1.7601.17514 Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C499.2.0.1016 Intel(R) Management Engine Interface 7.0.0.1144 Microsoft ACPI-Compliant Embedded Controller 6.1.7601.17514 Microsoft ACPI-Compliant System 6.1.7601.17514 Microsoft System Management BIOS Driver 6.1.7601.17514 Microsoft Virtual Drive Enumerator Driver 6.1.7601.17514 Microsoft Windows Management Interface for ACPI 6.1.7601.17514 Microsoft Windows Management Interface for ACPI 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Numeric data processor 6.1.7601.17514 PCI bus 6.1.7601.17514 Plug and Play Software Device Enumerator 6.1.7601.17514 Programmable interrupt controller 6.1.7601.17514 System board 6.1.7601.17514 System CMOS/real time clock 6.1.7601.17514 System timer 6.1.7601.17514 Terminal Server Keyboard Driver 6.1.7601.17514 Terminal Server Mouse Driver 6.1.7601.17514 UMBus Enumerator 6.1.7601.17514 UMBus Root Bus Enumerator 6.1.7601.17514 Volume Manager 6.1.7601.17514 Universal Serial Bus controllers: Generic USB Hub 6.1.7601.17586 Generic USB Hub 6.1.7601.17586 Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C269.2.0.1021 Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D9.2.0.1021 Renesas Electronics USB 3.0 Host Controller 2.0.32.0 Renesas Electronics USB 3.0 Root Hub 2.0.32.0 USB Composite Device 6.1.7601.17586 USB Root Hub 6.1.7601.17586 USB Root Hub 6.1.7601.17586 [ Batteries / Microsoft AC Adapter ] Device Properties: Driver Description Microsoft AC Adapter Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File battery.inf Hardware ID ACPI\ACPI0003 PnP Device Microsoft AC Adapter [ Batteries / Microsoft ACPI-Compliant Control Method Battery ] Device Properties: Driver Description Microsoft ACPI-Compliant Control Method Battery Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File battery.inf Hardware ID ACPI\PNP0C0A PnP Device Control Method Battery [ Batteries / Microsoft Composite Battery ] Device Properties: Driver Description Microsoft Composite Battery Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File battery.inf Hardware ID COMPOSITE_BATTERY [ Computer / ACPI x64-based PC ] Device Properties: Driver Description ACPI x64-based PC Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File hal.inf Hardware ID acpiapic [ Disk drives / Hitachi HTS545050A7E380 ATA Device ] Device Properties: Driver Description Hitachi HTS545050A7E380 ATA Device Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Hardware ID IDE\DiskHitachi_HTS545050A7E380_________________GG2OA920 Location Information Channel 0, Target 0, Lun 0 Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com Driver Update http://www.aida64.com/driver-updates [ Display adapters / Intel(R) HD Graphics Family ] Device Properties: Driver Description Intel(R) HD Graphics Family Driver Date 26/3/2011 Driver Version 8.15.10.2345 Driver Provider Intel Corporation INF File oem3.inf Hardware ID PCI\VEN_8086&DEV_0126&SUBSYS_05071025&REV_09 Location Information PCI bus 0, device 2, function 0 PCI Device Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) Device Resources: IRQ 65536 Memory 000A0000-000BFFFF Memory D0000000-DFFFFFFF Memory F3400000-F37FFFFF Port 03B0-03BB Port 03C0-03DF Port 3000-303F Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ Display adapters / NVIDIA GeForce 610M ] Device Properties: Driver Description NVIDIA GeForce 610M Driver Date 27/11/2011 Driver Version 8.17.12.8590 Driver Provider NVIDIA INF File oem32.inf Hardware ID PCI\VEN_10DE&DEV_0DEA&SUBSYS_05071025&REV_A1 Location Information PCI bus 1, device 0, function 0 PCI Device nVIDIA GeForce 610M (Acer) Video Adapter Device Resources: IRQ 16 Memory E0000000-EFFFFFFF Memory F0000000-F1FFFFFF Memory F2000000-F2FFFFFF Port 2F80-2FFF Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ DVD/CD-ROM drives / MATSHITA DVD-RAM UJ8A0AS ATA Device ] Device Properties: Driver Description MATSHITA DVD-RAM UJ8A0AS ATA Device Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Hardware ID IDE\CdRomMATSHITA_DVD-RAM_UJ8A0AS________________1.00____ Location Information Channel 1, Target 0, Lun 0 Device Manufacturer: Company Name Matsushita Electric Industrial Co., Ltd. Product Information http://www.panasonic.com/industrial/optical-drives Firmware Download http://www.panasonic.com/industrial/optical-drives Driver Update http://www.aida64.com/driver-updates [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-1c01 Location Information Channel 0 [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-1c09 Location Information Channel 0 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-1c01 Location Information Channel 1 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File mshdc.inf Hardware ID Intel-1c09 Location Information Channel 1 [ IDE ATA/ATAPI controllers / Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Driver Date 28/9/2010 Driver Version 9.2.0.1014 Driver Provider Intel INF File oem9.inf Hardware ID PCI\VEN_8086&DEV_1C09&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 31, function 5 PCI Device Intel Cougar Point-M PCH - SATA 2-Port Controller [B-2] Device Resources: IRQ 19 Port 3060-306F Port 3070-307F Port 30A0-30A7 Port 30A8-30AF Port 30C0-30C3 Port 30C4-30C7 [ IDE ATA/ATAPI controllers / Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Driver Date 28/9/2010 Driver Version 9.2.0.1014 Driver Provider Intel INF File oem9.inf Hardware ID PCI\VEN_8086&DEV_1C01&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 31, function 2 PCI Device Intel Cougar Point-M PCH - SATA Controller [B-2] Device Resources: IRQ 19 Port 3080-308F Port 3090-309F Port 30B0-30B7 Port 30B8-30BF Port 30C8-30CB Port 30CC-30CF [ Imaging devices / 1.3M HD WebCam ] Device Properties: Driver Description 1.3M HD WebCam Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File usbvideo.inf Hardware ID USB\VID_064E&PID_C21C&REV_0110&MI_00 Location Information 0000.001a.0000.001.005.000.000.000.000 [ Keyboards / Standard PS/2 Keyboard ] Device Properties: Driver Description Standard PS/2 Keyboard Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File keyboard.inf Hardware ID ACPI\PNP0303 PnP Device 101/102-Key or MS Natural Keyboard Device Resources: IRQ 01 Port 0060-0060 Port 0064-0064 [ Mice and other pointing devices / Synaptics PS/2 Port TouchPad ] Device Properties: Driver Description Synaptics PS/2 Port TouchPad Driver Date 8/10/2010 Driver Version 15.1.18.0 Driver Provider Synaptics INF File oem26.inf Hardware ID ACPI\SYN1B45 PnP Device Synaptics PS/2 Port TouchPad Device Resources: IRQ 12 [ Monitors / Generic PnP Monitor ] Device Properties: Driver Description Generic PnP Monitor Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File monitor.inf Hardware ID MONITOR\AUO183C [ Network adapters / Atheros AR5B97 Wireless Network Adapter ] Device Properties: Driver Description Atheros AR5B97 Wireless Network Adapter Driver Date 3/9/2010 Driver Version 9.1.0.209 Driver Provider Atheros Communications Inc. INF File oem28.inf Hardware ID PCI\VEN_168C&DEV_002E&SUBSYS_E034105B&REV_01 Location Information PCI bus 3, device 0, function 0 PCI Device Atheros AR9287 Wireless Network Adapter Device Resources: IRQ 17 Memory F3A00000-F3A0FFFF Network Adapter Manufacturer: Company Name Atheros Communications, Inc. Product Information http://www.atheros.com/networking Driver Download http://www.atheros.com Driver Update http://www.aida64.com/driver-updates [ Network adapters / Broadcom NetLink (TM) Gigabit Ethernet ] Device Properties: Driver Description Broadcom NetLink (TM) Gigabit Ethernet Driver Date 1/11/2010 Driver Version 14.4.0.4 Driver Provider Broadcom INF File oem13.inf Hardware ID PCI\VEN_14E4&DEV_16B5&SUBSYS_05001025&REV_10 Location Information PCI bus 4, device 0, function 0 PCI Device Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller Device Resources: IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 Memory F3800000-F380FFFF Memory F3810000-F381FFFF Network Adapter Manufacturer: Company Name Broadcom Corporation Product Information http://www.broadcom.com/products Driver Download http://www.broadcom.com/support/ethernet_nic Driver Update http://www.aida64.com/driver-updates [ Network adapters / Microsoft ISATAP Adapter #2 ] Device Properties: Driver Description Microsoft ISATAP Adapter #2 Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP [ Network adapters / Microsoft ISATAP Adapter #3 ] Device Properties: Driver Description Microsoft ISATAP Adapter #3 Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP [ Network adapters / Microsoft ISATAP Adapter ] Device Properties: Driver Description Microsoft ISATAP Adapter Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP [ Network adapters / Teredo Tunneling Pseudo-Interface ] Device Properties: Driver Description Teredo Tunneling Pseudo-Interface Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *TEREDO [ Network adapters / WAN Miniport (IKEv2) ] Device Properties: Driver Description WAN Miniport (IKEv2) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netavpna.inf Hardware ID ms_agilevpnminiport [ Network adapters / WAN Miniport (IP) ] Device Properties: Driver Description WAN Miniport (IP) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanip [ Network adapters / WAN Miniport (IPv6) ] Device Properties: Driver Description WAN Miniport (IPv6) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanipv6 [ Network adapters / WAN Miniport (L2TP) ] Device Properties: Driver Description WAN Miniport (L2TP) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_l2tpminiport [ Network adapters / WAN Miniport (Network Monitor) ] Device Properties: Driver Description WAN Miniport (Network Monitor) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanbh [ Network adapters / WAN Miniport (PPPOE) ] Device Properties: Driver Description WAN Miniport (PPPOE) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pppoeminiport [ Network adapters / WAN Miniport (PPTP) ] Device Properties: Driver Description WAN Miniport (PPTP) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pptpminiport [ Network adapters / WAN Miniport (SSTP) ] Device Properties: Driver Description WAN Miniport (SSTP) Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netsstpa.inf Hardware ID ms_sstpminiport [ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ] Device Properties: Driver Description Ancillary Function Driver for Winsock [ Non-Plug and Play Drivers / Beep ] Device Properties: Driver Description Beep [ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ] Device Properties: Driver Description Bitlocker Drive Encryption Filter Driver [ Non-Plug and Play Drivers / CNG ] Device Properties: Driver Description CNG [ Non-Plug and Play Drivers / Common Log (CLFS) ] Device Properties: Driver Description Common Log (CLFS) [ Non-Plug and Play Drivers / Dynamic Volume Manager ] Device Properties: Driver Description Dynamic Volume Manager [ Non-Plug and Play Drivers / Hardware Policy Driver ] Device Properties: Driver Description Hardware Policy Driver [ Non-Plug and Play Drivers / HTTP ] Device Properties: Driver Description HTTP [ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ] Device Properties: Driver Description Kernel Mode Driver Frameworks service [ Non-Plug and Play Drivers / KSecDD ] Device Properties: Driver Description KSecDD [ Non-Plug and Play Drivers / KSecPkg ] Device Properties: Driver Description KSecPkg [ Non-Plug and Play Drivers / LDDM Graphics Subsystem ] Device Properties: Driver Description LDDM Graphics Subsystem [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ] Device Properties: Driver Description Link-Layer Topology Discovery Mapper I/O Driver [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ] Device Properties: Driver Description Link-Layer Topology Discovery Responder [ Non-Plug and Play Drivers / Mount Point Manager ] Device Properties: Driver Description Mount Point Manager [ Non-Plug and Play Drivers / msahci ] Device Properties: Driver Description msahci [ Non-Plug and Play Drivers / msisadrv ] Device Properties: Driver Description msisadrv [ Non-Plug and Play Drivers / mwlPSDNServ ] Device Properties: Driver Description mwlPSDNServ [ Non-Plug and Play Drivers / mwlPSDVDisk ] Device Properties: Driver Description mwlPSDVDisk [ Non-Plug and Play Drivers / NativeWiFi Filter ] Device Properties: Driver Description NativeWiFi Filter [ Non-Plug and Play Drivers / NDIS System Driver ] Device Properties: Driver Description NDIS System Driver [ Non-Plug and Play Drivers / NDIS Usermode I/O Protocol ] Device Properties: Driver Description NDIS Usermode I/O Protocol [ Non-Plug and Play Drivers / NDProxy ] Device Properties: Driver Description NDProxy [ Non-Plug and Play Drivers / NETBT ] Device Properties: Driver Description NETBT [ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ] Device Properties: Driver Description NetIO Legacy TDI Support Driver [ Non-Plug and Play Drivers / NSI proxy service driver. ] Device Properties: Driver Description NSI proxy service driver. [ Non-Plug and Play Drivers / ntk_PowerDVD ] Device Properties: Driver Description ntk_PowerDVD [ Non-Plug and Play Drivers / Null ] Device Properties: Driver Description Null [ Non-Plug and Play Drivers / nvpciflt ] Device Properties: Driver Description nvpciflt [ Non-Plug and Play Drivers / pciide ] Device Properties: Driver Description pciide [ Non-Plug and Play Drivers / PEAUTH ] Device Properties: Driver Description PEAUTH [ Non-Plug and Play Drivers / Performance Counters for Windows Driver ] Device Properties: Driver Description Performance Counters for Windows Driver [ Non-Plug and Play Drivers / Power Control [2012/11/29 21:28:12] ] Device Properties: Driver Description Power Control [2012/11/29 21:28:12] [ Non-Plug and Play Drivers / QoS Packet Scheduler ] Device Properties: Driver Description QoS Packet Scheduler [ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ] Device Properties: Driver Description RDP Encoder Mirror Driver [ Non-Plug and Play Drivers / RDPCDD ] Device Properties: Driver Description RDPCDD [ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ] Device Properties: Driver Description Reflector Display Driver used to gain access to graphics data [ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ] Device Properties: Driver Description Remote Access IPv6 ARP Driver [ Non-Plug and Play Drivers / Security Driver ] Device Properties: Driver Description Security Driver [ Non-Plug and Play Drivers / Security Processor Loader Driver ] Device Properties: Driver Description Security Processor Loader Driver [ Non-Plug and Play Drivers / Storage volumes ] Device Properties: Driver Description Storage volumes [ Non-Plug and Play Drivers / System Attribute Cache ] Device Properties: Driver Description System Attribute Cache [ Non-Plug and Play Drivers / TCP/IP Protocol Driver ] Device Properties: Driver Description TCP/IP Protocol Driver [ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ] Device Properties: Driver Description TCP/IP Registry Compatibility [ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ] Device Properties: Driver Description User Mode Driver Frameworks Platform Driver [ Non-Plug and Play Drivers / VgaSave ] Device Properties: Driver Description VgaSave [ Non-Plug and Play Drivers / Virtual WiFi Filter Driver ] Device Properties: Driver Description Virtual WiFi Filter Driver [ Non-Plug and Play Drivers / WFP Lightweight Filter ] Device Properties: Driver Description WFP Lightweight Filter [ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ] Device Properties: Driver Description Windows Firewall Authorization Driver [ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ] Device Properties: Driver Description Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42 [ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ] Device Properties: Driver Description Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42 [ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ] Device Properties: Driver Description Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42 [ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ] Device Properties: Driver Description Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42 [ SD host adapters / Broadcom SD Host Controller ] Device Properties: Driver Description Broadcom SD Host Controller Driver Date 11/12/2010 Driver Version 1.0.0.218 Driver Provider Broadcom Corporation INF File oem30.inf Hardware ID PCI\VEN_14E4&DEV_16BC&SUBSYS_05001025&REV_10 Location Information PCI bus 4, device 0, function 1 PCI Device Broadcom SD Card Reader Device Resources: IRQ 16 Memory F3820000-F382FFFF [ Sound, video and game controllers / Intel(R) Display Audio ] Device Properties: Driver Description Intel(R) Display Audio Driver Date 15/10/2010 Driver Version 6.14.0.3074 Driver Provider Intel(R) Corporation INF File oem4.inf Hardware ID HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000 Location Information Internal High Definition Audio Bus [ Sound, video and game controllers / Realtek High Definition Audio ] Device Properties: Driver Description Realtek High Definition Audio Driver Date 26/7/2011 Driver Version 6.0.1.6423 Driver Provider Realtek Semiconductor Corp. INF File oem11.inf Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250506&REV_1001 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ Storage controllers / Broadcom Memory Stick ] Device Properties: Driver Description Broadcom Memory Stick Driver Date 10/12/2010 Driver Version 1.0.0.221 Driver Provider Broadcom Corporation INF File oem29.inf Hardware ID PCI\VEN_14E4&DEV_16BE&SUBSYS_05001025&REV_10 Location Information PCI bus 4, device 0, function 2 PCI Device Broadcom Memory Stick Card Reader Device Resources: IRQ 16 Memory F3830000-F383FFFF [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ System devices / 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 ] Device Properties: Driver Description 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 Driver Date 10/9/2010 Driver Version 9.2.0.1011 Driver Provider Intel INF File oem10.inf Hardware ID PCI\VEN_8086&DEV_0104&SUBSYS_05061025&REV_09 Location Information PCI bus 0, device 0, function 0 PCI Device Intel Sandy Bridge-MB - Host Bridge/DRAM Controller [ System devices / 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 ] Device Properties: Driver Description 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 Driver Date 10/9/2010 Driver Version 9.2.0.1011 Driver Provider Intel INF File oem10.inf Hardware ID PCI\VEN_8086&DEV_0101&SUBSYS_05061025&REV_09 Location Information PCI bus 0, device 1, function 0 PCI Device Intel Sandy Bridge-DT - PCI Express Graphics Root Port Device Resources: IRQ 16 Memory E0000000-F1FFFFFF Memory F2000000-F30FFFFF Port 2000-2FFF [ System devices / ACPI Fixed Feature Button ] Device Properties: Driver Description ACPI Fixed Feature Button Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\FixedButton [ System devices / ACPI Lid ] Device Properties: Driver Description ACPI Lid Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C0D PnP Device Lid [ System devices / ACPI Sleep Button ] Device Properties: Driver Description ACPI Sleep Button Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C0E PnP Device Sleep Button [ System devices / ACPI Thermal Zone ] Device Properties: Driver Description ACPI Thermal Zone Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\ThermalZone [ System devices / ACPI Thermal Zone ] Device Properties: Driver Description ACPI Thermal Zone Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\ThermalZone [ System devices / Atheros Bluetooth Bus ] Device Properties: Driver Description Atheros Bluetooth Bus Driver Date 20/7/2011 Driver Version 7.4.0.90 Driver Provider Atheros Communications INF File oem17.inf Hardware ID root\BTATH_BUS [ System devices / Broadcom xD Picture Bus Driver ] Device Properties: Driver Description Broadcom xD Picture Bus Driver Driver Date 11/12/2010 Driver Version 1.0.0.43 Driver Provider Broadcom Corporation INF File oem31.inf Hardware ID PCI\VEN_14E4&DEV_16BF&SUBSYS_05001025&REV_10 Location Information PCI bus 4, device 0, function 3 PCI Device Broadcom xD Card Reader Device Resources: IRQ 16 Memory F3840000-F384FFFF [ System devices / Broadcom xD Picture Card Host Controller ] Device Properties: Driver Description Broadcom xD Picture Card Host Controller Driver Date 11/12/2010 Driver Version 1.0.0.43 Driver Provider Broadcom Corporation INF File oem31.inf Hardware ID b57xdbd\xd-sc Location Information BRCM_loc 0 Device Resources: IRQ 09 [ System devices / Composite Bus Enumerator ] Device Properties: Driver Description Composite Bus Enumerator Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File compositebus.inf Hardware ID ROOT\CompositeBus [ System devices / Direct memory access controller ] Device Properties: Driver Description Direct memory access controller Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0200 PnP Device DMA Controller Device Resources: DMA 04 Port 0000-001F Port 0081-0091 Port 0093-009F Port 00C0-00DF [ System devices / File as Volume Driver ] Device Properties: Driver Description File as Volume Driver Driver Date 21/6/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File blbdrive.inf Hardware ID ROOT\BLBDRIVE [ System devices / High Definition Audio Controller ] Device Properties: Driver Description High Definition Audio Controller Driver Date 19/11/2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudbus.inf Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 27, function 0 PCI Device Intel Cougar Point PCH - High Definition Audio Controller [B-2] Device Resources: IRQ 22 Memory F3B00000-F3B03FFF [ System devices / High precision event timer ] Device Properties: Driver Description High precision event timer Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0103 PnP Device High Precision Event Timer Device Resources: Memory FED00000-FED003FF [ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 Driver Date 20/11/2010 Driver Version 9.2.0.1016 Driver Provider Intel INF File oem5.inf Hardware ID PCI\VEN_8086&DEV_1C10&SUBSYS_05061025&REV_B4 Location Information PCI bus 0, device 28, function 0 PCI Device Intel Cougar Point PCH - PCI Express Port 1 [B-2] Device Resources: IRQ 16 [ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 Driver Date 20/11/2010 Driver Version 9.2.0.1016 Driver Provider Intel INF File oem5.inf Hardware ID PCI\VEN_8086&DEV_1C12&SUBSYS_05061025&REV_B4 Location Information PCI bus 0, device 28, function 1 PCI Device Intel Cougar Point PCH - PCI Express Port 2 [B-2] Device Resources: IRQ 17 Memory F3A00000-F3AFFFFF [ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 Driver Date 20/11/2010 Driver Version 9.2.0.1016 Driver Provider Intel INF File oem5.inf Hardware ID PCI\VEN_8086&DEV_1C16&SUBSYS_05061025&REV_B4 Location Information PCI bus 0, device 28, function 3 PCI Device Intel Cougar Point PCH - PCI Express Port 4 [B-2] Device Resources: IRQ 19 Memory F3800000-F38FFFFF [ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 Driver Date 20/11/2010 Driver Version 9.2.0.1016 Driver Provider Intel INF File oem5.inf Hardware ID PCI\VEN_8086&DEV_1C18&SUBSYS_05061025&REV_B4 Location Information PCI bus 0, device 28, function 4 PCI Device Intel Cougar Point PCH - PCI Express Port 5 [B-2] Device Resources: IRQ 16 Memory F3900000-F39FFFFF [ System devices / Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 Driver Date 10/9/2010 Driver Version 9.2.0.1011 Driver Provider Intel INF File oem7.inf Hardware ID PCI\VEN_8086&DEV_1C22&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 31, function 3 PCI Device Intel Cougar Point PCH - SMBus Controller [B-2] Device Resources: IRQ 11 Memory F3B04000-F3B040FF Port EFA0-EFBF [ System devices / Intel(R) 82802 Firmware Hub Device ] Device Properties: Driver Description Intel(R) 82802 Firmware Hub Device Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\INT0800 PnP Device Intel Flash EEPROM Device Resources: Memory FF000000-FFFFFFFF [ System devices / Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 ] Device Properties: Driver Description Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 Driver Date 20/11/2010 Driver Version 9.2.0.1016 Driver Provider Intel INF File oem5.inf Hardware ID PCI\VEN_8086&DEV_1C49&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 31, function 0 PCI Device Intel HM65 PCH - LPC Interface Controller [B-2] [ System devices / Intel(R) Management Engine Interface ] Device Properties: Driver Description Intel(R) Management Engine Interface Driver Date 19/10/2010 Driver Version 7.0.0.1144 Driver Provider Intel INF File oem12.inf Hardware ID PCI\VEN_8086&DEV_1C3A&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 22, function 0 PCI Device Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Device Resources: IRQ 16 Memory F3B05000-F3B0500F [ System devices / Microsoft ACPI-Compliant Embedded Controller ] Device Properties: Driver Description Microsoft ACPI-Compliant Embedded Controller Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C09 PnP Device Embedded Controller Device Device Resources: Port 0062-0062 Port 0066-0066 [ System devices / Microsoft ACPI-Compliant System ] Device Properties: Driver Description Microsoft ACPI-Compliant System Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI_HAL\PNP0C08 PnP Device ACPI Driver/BIOS Device Resources: IRQ 100 IRQ 101 IRQ 102 IRQ 103 IRQ 104 IRQ 105 IRQ 106 IRQ 107 IRQ 108 IRQ 109 IRQ 110 IRQ 111 IRQ 112 IRQ 113 IRQ 114 IRQ 115 IRQ 116 IRQ 117 IRQ 118 IRQ 119 IRQ 120 IRQ 121 IRQ 122 IRQ 123 IRQ 124 IRQ 125 IRQ 126 IRQ 127 IRQ 128 IRQ 129 IRQ 130 IRQ 131 IRQ 132 IRQ 133 IRQ 134 IRQ 135 IRQ 136 IRQ 137 IRQ 138 IRQ 139 IRQ 140 IRQ 141 IRQ 142 IRQ 143 IRQ 144 IRQ 145 IRQ 146 IRQ 147 IRQ 148 IRQ 149 IRQ 150 IRQ 151 IRQ 152 IRQ 153 IRQ 154 IRQ 155 IRQ 156 IRQ 157 IRQ 158 IRQ 159 IRQ 160 IRQ 161 IRQ 162 IRQ 163 IRQ 164 IRQ 165 IRQ 166 IRQ 167 IRQ 168 IRQ 169 IRQ 170 IRQ 171 IRQ 172 IRQ 173 IRQ 174 IRQ 175 IRQ 176 IRQ 177 IRQ 178 IRQ 179 IRQ 180 IRQ 181 IRQ 182 IRQ 183 IRQ 184 IRQ 185 IRQ 186 IRQ 187 IRQ 188 IRQ 189 IRQ 190 IRQ 81 IRQ 82 IRQ 83 IRQ 84 IRQ 85 IRQ 86 IRQ 87 IRQ 88 IRQ 89 IRQ 90 IRQ 91 IRQ 92 IRQ 93 IRQ 94 IRQ 95 IRQ 96 IRQ 97 IRQ 98 IRQ 99 [ System devices / Microsoft System Management BIOS Driver ] Device Properties: Driver Description Microsoft System Management BIOS Driver Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\mssmbios [ System devices / Microsoft Virtual Drive Enumerator Driver ] Device Properties: Driver Description Microsoft Virtual Drive Enumerator Driver Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\vdrvroot [ System devices / Microsoft Windows Management Interface for ACPI ] Device Properties: Driver Description Microsoft Windows Management Interface for ACPI Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI\PNP0C14 PnP Device ACPI Management Interface [ System devices / Microsoft Windows Management Interface for ACPI ] Device Properties: Driver Description Microsoft Windows Management Interface for ACPI Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI\PNP0C14 PnP Device ACPI Management Interface [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\INT340E PnP Device Intel System Device [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory F8000000-FBFFFFFF Memory FED10000-FED17FFF Memory FED18000-FED18FFF Memory FED19000-FED19FFF Memory FED1C000-FED1FFFF Memory FED20000-FED3FFFF Memory FED45000-FED8FFFF Memory FED90000-FED93FFF Memory FEE00000-FEEFFFFF Memory FF000000-FFFFFFFF [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\INT3F0D PnP Device Intel Watchdog Timer Device Resources: Port 0454-0457 [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory FE800000-FE80FFFF Port 002E-002F Port 004E-004F Port 0061-0061 Port 0063-0063 Port 0065-0065 Port 0067-0067 Port 0068-006F Port 006A-006A Port 006E-006E Port 0070-0070 Port 0080-0080 Port 0092-0092 Port 00B2-00B3 Port 0400-0453 Port 0458-047F Port 0500-057F Port 1000-100F Port FFFF-FFFF Port FFFF-FFFF [ System devices / Numeric data processor ] Device Properties: Driver Description Numeric data processor Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C04 PnP Device Numeric Data Processor Device Resources: IRQ 13 Port 00F0-00F0 [ System devices / PCI bus ] Device Properties: Driver Description PCI bus Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0A08 PnP Device ACPI Three-wire Device Bus Device Resources: Memory 000A0000-000BFFFF Memory CFA00000-FEAFFFFF Memory FED40000-FED44FFF Port 0000-0CF7 Port 0D00-FFFF [ System devices / Plug and Play Software Device Enumerator ] Device Properties: Driver Description Plug and Play Software Device Enumerator Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID root\swenum [ System devices / Programmable interrupt controller ] Device Properties: Driver Description Programmable interrupt controller Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0000 PnP Device Programmable Interrupt Controller Device Resources: Port 0020-0021 Port 0024-0025 Port 0028-0029 Port 002C-002D Port 0030-0031 Port 0034-0035 Port 0038-0039 Port 003C-003D Port 00A0-00A1 Port 00A4-00A5 Port 00A8-00A9 Port 00AC-00AD Port 00B0-00B1 Port 00B4-00B5 Port 00B8-00B9 Port 00BC-00BD Port 04D0-04D1 [ System devices / System board ] Device Properties: Driver Description System board Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C01 PnP Device System Board Extension Device Resources: Memory 20000000-201FFFFF Memory 40000000-401FFFFF [ System devices / System CMOS/real time clock ] Device Properties: Driver Description System CMOS/real time clock Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0B00 PnP Device Real-Time Clock Device Resources: IRQ 08 Port 0070-0077 [ System devices / System timer ] Device Properties: Driver Description System timer Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0100 PnP Device System Timer Device Resources: IRQ 00 Port 0040-0043 Port 0050-0053 [ System devices / Terminal Server Keyboard Driver ] Device Properties: Driver Description Terminal Server Keyboard Driver Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_KBD [ System devices / Terminal Server Mouse Driver ] Device Properties: Driver Description Terminal Server Mouse Driver Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_MOU [ System devices / UMBus Enumerator ] Device Properties: Driver Description UMBus Enumerator Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID UMB\UMBUS [ System devices / UMBus Root Bus Enumerator ] Device Properties: Driver Description UMBus Root Bus Enumerator Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID root\umbus [ System devices / Volume Manager ] Device Properties: Driver Description Volume Manager Driver Date 21/6/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\VOLMGR [ Universal Serial Bus controllers / Generic USB Hub ] Device Properties: Driver Description Generic USB Hub Driver Date 21/6/2006 Driver Version 6.1.7601.17586 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_8087&PID_0024&REV_0000 Location Information Port_#0001.Hub_#0002 [ Universal Serial Bus controllers / Generic USB Hub ] Device Properties: Driver Description Generic USB Hub Driver Date 21/6/2006 Driver Version 6.1.7601.17586 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_8087&PID_0024&REV_0000 Location Information Port_#0001.Hub_#0001 [ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Driver Date 21/12/2010 Driver Version 9.2.0.1021 Driver Provider Intel INF File oem8.inf Hardware ID PCI\VEN_8086&DEV_1C26&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 29, function 0 PCI Device Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Device Resources: IRQ 23 Memory F3B08000-F3B083FF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D ] Device Properties: Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Driver Date 21/12/2010 Driver Version 9.2.0.1021 Driver Provider Intel INF File oem8.inf Hardware ID PCI\VEN_8086&DEV_1C2D&SUBSYS_05061025&REV_04 Location Information PCI bus 0, device 26, function 0 PCI Device Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Device Resources: IRQ 16 Memory F3B09000-F3B093FF Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Host Controller ] Device Properties: Driver Description Renesas Electronics USB 3.0 Host Controller Driver Date 10/12/2010 Driver Version 2.0.32.0 Driver Provider Renesas Electronics INF File oem15.inf Hardware ID PCI\VEN_1033&DEV_0194&SUBSYS_05071025&REV_04 Location Information PCI bus 5, device 0, function 0 PCI Device NEC uPD720200 USB 3.0 Host Controller Device Resources: IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 IRQ 65536 Memory F3900000-F3901FFF [ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Root Hub ] Device Properties: Driver Description Renesas Electronics USB 3.0 Root Hub Driver Date 10/12/2010 Driver Version 2.0.32.0 Driver Provider Renesas Electronics INF File oem16.inf Hardware ID NUSB3\ROOT_HUB30 [ Universal Serial Bus controllers / USB Composite Device ] Device Properties: Driver Description USB Composite Device Driver Date 21/6/2006 Driver Version 6.1.7601.17586 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_064E&PID_C21C&REV_0110 Location Information Port_#0005.Hub_#0003 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21/6/2006 Driver Version 6.1.7601.17586 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID8086&PID1C26&REV0004 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 21/6/2006 Driver Version 6.1.7601.17586 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID8086&PID1C2D&REV0004 --------[ Physical Devices ]-------------------------------------------------------------------------------------------- PCI Devices: Bus 3, Device 0, Function 0 Atheros AR9287 Wireless Network Adapter Bus 4, Device 0, Function 2 Broadcom Memory Stick Card Reader Bus 4, Device 0, Function 0 Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller Bus 4, Device 0, Function 1 Broadcom SD Card Reader Bus 4, Device 0, Function 3 Broadcom xD Card Reader Bus 0, Device 27, Function 0 Intel Cougar Point PCH - High Definition Audio Controller [B-2] Bus 0, Device 22, Function 0 Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Bus 0, Device 28, Function 0 Intel Cougar Point PCH - PCI Express Port 1 [B-2] Bus 0, Device 28, Function 1 Intel Cougar Point PCH - PCI Express Port 2 [B-2] Bus 0, Device 28, Function 3 Intel Cougar Point PCH - PCI Express Port 4 [B-2] Bus 0, Device 28, Function 4 Intel Cougar Point PCH - PCI Express Port 5 [B-2] Bus 0, Device 31, Function 3 Intel Cougar Point PCH - SMBus Controller [B-2] Bus 0, Device 31, Function 6 Intel Cougar Point PCH - Thermal Management Controller [B-2] Bus 0, Device 29, Function 0 Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Bus 0, Device 26, Function 0 Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Bus 0, Device 31, Function 5 Intel Cougar Point-M PCH - SATA 2-Port Controller [B-2] Bus 0, Device 31, Function 2 Intel Cougar Point-M PCH - SATA Controller [B-2] Bus 0, Device 31, Function 0 Intel HM65 PCH - LPC Interface Controller [B-2] Bus 0, Device 1, Function 0 Intel Sandy Bridge-DT - PCI Express Graphics Root Port Bus 0, Device 0, Function 0 Intel Sandy Bridge-MB - Host Bridge/DRAM Controller Bus 0, Device 2, Function 0 Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) Bus 5, Device 0, Function 0 NEC uPD720200 USB 3.0 Host Controller PnP Devices: PNP0303 101/102-Key or MS Natural Keyboard PNP0C08 ACPI Driver/BIOS FIXEDBUTTON ACPI Fixed Feature Button PNP0C14 ACPI Management Interface PNP0C14 ACPI Management Interface THERMALZONE ACPI Thermal Zone THERMALZONE ACPI Thermal Zone PNP0A08 ACPI Three-wire Device Bus PNP0C0A Control Method Battery PNP0200 DMA Controller PNP0C09 Embedded Controller Device PNP0103 High Precision Event Timer INT0800 Intel Flash EEPROM INT340E Intel System Device INT3F0D Intel Watchdog Timer GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZIntel(R) Core(TM) i5-2450M CPU @ 2.50GHz GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZIntel(R) Core(TM) i5-2450M CPU @ 2.50GHz GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZIntel(R) Core(TM) i5-2450M CPU @ 2.50GHz GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZIntel(R) Core(TM) i5-2450M CPU @ 2.50GHz PNP0C0D Lid ACPI0003 Microsoft AC Adapter ISATAP Microsoft ISATAP Adapter #2 ISATAP Microsoft ISATAP Adapter #3 ISATAP Microsoft ISATAP Adapter PNP0C04 Numeric Data Processor PNP0000 Programmable Interrupt Controller PNP0B00 Real-Time Clock PNP0C0E Sleep Button SYN1B45 Synaptics PS/2 Port TouchPad PNP0C01 System Board Extension PNP0100 System Timer TEREDO Teredo Tunneling Pseudo-Interface PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device USB Devices: 064E C21C 1.3M HD WebCam 8087 0024 Generic USB Hub 8087 0024 Generic USB Hub 064E C21C USB Composite Device --------[ PCI Devices ]------------------------------------------------------------------------------------------------- [ Atheros AR9287 Wireless Network Adapter ] Device Properties: Device Description Atheros AR9287 Wireless Network Adapter Bus Type PCI Express 2.0 x1 Bus / Device / Function 3 / 0 / 0 Device ID 168C-002E Subsystem ID 105B-E034 Device Class 0280 (Network Controller) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Broadcom Memory Stick Card Reader ] Device Properties: Device Description Broadcom Memory Stick Card Reader Bus Type PCI Express 2.0 x1 Bus / Device / Function 4 / 0 / 2 Device ID 14E4-16BE Subsystem ID 1025-0500 Device Class 0880 (Base System Peripheral) Revision 10 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller ] Device Properties: Device Description Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller Bus Type PCI Express 2.0 x1 Bus / Device / Function 4 / 0 / 0 Device ID 14E4-16B5 Subsystem ID 1025-0500 Device Class 0200 (Ethernet Controller) Revision 10 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Network Adapter Manufacturer: Company Name Broadcom Corporation Product Information http://www.broadcom.com/products Driver Download http://www.broadcom.com/support/ethernet_nic Driver Update http://www.aida64.com/driver-updates [ Broadcom SD Card Reader ] Device Properties: Device Description Broadcom SD Card Reader Bus Type PCI Express 2.0 x1 Bus / Device / Function 4 / 0 / 1 Device ID 14E4-16BC Subsystem ID 1025-0500 Device Class 0805 (SD Host Controller) Revision 10 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Broadcom xD Card Reader ] Device Properties: Device Description Broadcom xD Card Reader Bus Type PCI Express 2.0 x1 Bus / Device / Function 4 / 0 / 3 Device ID 14E4-16BF Subsystem ID 1025-0500 Device Class 0880 (Base System Peripheral) Revision 10 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - High Definition Audio Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-2] Bus Type PCI Express 1.0 Bus / Device / Function 0 / 27 / 0 Device ID 8086-1C20 Subsystem ID 1025-0506 Device Class 0403 (High Definition Audio) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Bus Type PCI Bus / Device / Function 0 / 22 / 0 Device ID 8086-1C3A Subsystem ID 1025-0506 Device Class 0780 (Communications Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 1 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 1 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 0 Device ID 8086-1C10 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 2 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 2 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 1 Device ID 8086-1C12 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 4 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 4 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 3 Device ID 8086-1C16 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 5 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 5 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 4 Device ID 8086-1C18 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - SMBus Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - SMBus Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 3 Device ID 8086-1C22 Subsystem ID 1025-0506 Device Class 0C05 (SMBus Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ Intel Cougar Point PCH - Thermal Management Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - Thermal Management Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 6 Device ID 8086-1C24 Subsystem ID 1025-0506 Device Class 1180 (Data Acquisition / Signal Processing Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 29 / 0 Device ID 8086-1C26 Subsystem ID 1025-0506 Device Class 0C03 (USB Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 26 / 0 Device ID 8086-1C2D Subsystem ID 1025-0506 Device Class 0C03 (USB Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point-M PCH - SATA 2-Port Controller [B-2] ] Device Properties: Device Description Intel Cougar Point-M PCH - SATA 2-Port Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 5 Device ID 8086-1C09 Subsystem ID 1025-0506 Device Class 0101 (IDE Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ Intel Cougar Point-M PCH - SATA Controller [B-2] ] Device Properties: Device Description Intel Cougar Point-M PCH - SATA Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 2 Device ID 8086-1C01 Subsystem ID 1025-0506 Device Class 0101 (IDE Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ Intel HM65 PCH - LPC Interface Controller [B-2] ] Device Properties: Device Description Intel HM65 PCH - LPC Interface Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 0 Device ID 8086-1C49 Subsystem ID 1025-0506 Device Class 0601 (PCI/ISA Bridge) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Sandy Bridge-DT - PCI Express Graphics Root Port ] Device Properties: Device Description Intel Sandy Bridge-DT - PCI Express Graphics Root Port Bus Type PCI Bus / Device / Function 0 / 1 / 0 Device ID 8086-0101 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 09 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Sandy Bridge-MB - Host Bridge/DRAM Controller ] Device Properties: Device Description Intel Sandy Bridge-MB - Host Bridge/DRAM Controller Bus Type PCI Bus / Device / Function 0 / 0 / 0 Device ID 8086-0104 Subsystem ID 1025-0506 Device Class 0600 (Host/PCI Bridge) Revision 09 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) ] Device Properties: Device Description Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) Bus Type PCI Bus / Device / Function 0 / 2 / 0 Device ID 8086-0126 Subsystem ID 1025-0507 Device Class 0300 (VGA Display Controller) Revision 09 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ NEC uPD720200 USB 3.0 Host Controller ] Device Properties: Device Description NEC uPD720200 USB 3.0 Host Controller Bus Type PCI Express 2.0 x1 Bus / Device / Function 5 / 0 / 0 Device ID 1033-0194 Subsystem ID 1025-0507 Device Class 0C03 (USB Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled --------[ USB Devices ]------------------------------------------------------------------------------------------------- [ Generic USB Hub ] Device Properties: Device Description Generic USB Hub Device ID 8087-0024 Device Class 09 / 00 (Hi-Speed Hub with single TT) Device Protocol 01 Supported USB Version 2.00 Current Speed High (USB 2.0) [ USB Composite Device (1.3M HD WebCam) ] Device Properties: Device Description USB Composite Device Device ID 064E-C21C Device Class EF / 02 (Interface Association Descriptor) Device Protocol 01 Manufacturer SuYin Product 1.3M HD WebCam Serial Number HF1316-P80A-SS06-VA-R01.01.00 Supported USB Version 2.00 Current Speed High (USB 2.0) [ Generic USB Hub ] Device Properties: Device Description Generic USB Hub Device ID 8087-0024 Device Class 09 / 00 (Hi-Speed Hub with single TT) Device Protocol 01 Supported USB Version 2.00 Current Speed High (USB 2.0) --------[ Device Resources ]-------------------------------------------------------------------------------------------- DMA 04 Exclusive Direct memory access controller IRQ 00 Exclusive System timer IRQ 01 Exclusive Standard PS/2 Keyboard IRQ 08 Exclusive System CMOS/real time clock IRQ 09 Shared Broadcom xD Picture Card Host Controller IRQ 100 Exclusive Microsoft ACPI-Compliant System IRQ 101 Exclusive Microsoft ACPI-Compliant System IRQ 102 Exclusive Microsoft ACPI-Compliant System IRQ 103 Exclusive Microsoft ACPI-Compliant System IRQ 104 Exclusive Microsoft ACPI-Compliant System IRQ 105 Exclusive Microsoft ACPI-Compliant System IRQ 106 Exclusive Microsoft ACPI-Compliant System IRQ 107 Exclusive Microsoft ACPI-Compliant System IRQ 108 Exclusive Microsoft ACPI-Compliant System IRQ 109 Exclusive Microsoft ACPI-Compliant System IRQ 11 Shared Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 IRQ 110 Exclusive Microsoft ACPI-Compliant System IRQ 111 Exclusive Microsoft ACPI-Compliant System IRQ 112 Exclusive Microsoft ACPI-Compliant System IRQ 113 Exclusive Microsoft ACPI-Compliant System IRQ 114 Exclusive Microsoft ACPI-Compliant System IRQ 115 Exclusive Microsoft ACPI-Compliant System IRQ 116 Exclusive Microsoft ACPI-Compliant System IRQ 117 Exclusive Microsoft ACPI-Compliant System IRQ 118 Exclusive Microsoft ACPI-Compliant System IRQ 119 Exclusive Microsoft ACPI-Compliant System IRQ 12 Exclusive Synaptics PS/2 Port TouchPad IRQ 120 Exclusive Microsoft ACPI-Compliant System IRQ 121 Exclusive Microsoft ACPI-Compliant System IRQ 122 Exclusive Microsoft ACPI-Compliant System IRQ 123 Exclusive Microsoft ACPI-Compliant System IRQ 124 Exclusive Microsoft ACPI-Compliant System IRQ 125 Exclusive Microsoft ACPI-Compliant System IRQ 126 Exclusive Microsoft ACPI-Compliant System IRQ 127 Exclusive Microsoft ACPI-Compliant System IRQ 128 Exclusive Microsoft ACPI-Compliant System IRQ 129 Exclusive Microsoft ACPI-Compliant System IRQ 13 Exclusive Numeric data processor IRQ 130 Exclusive Microsoft ACPI-Compliant System IRQ 131 Exclusive Microsoft ACPI-Compliant System IRQ 132 Exclusive Microsoft ACPI-Compliant System IRQ 133 Exclusive Microsoft ACPI-Compliant System IRQ 134 Exclusive Microsoft ACPI-Compliant System IRQ 135 Exclusive Microsoft ACPI-Compliant System IRQ 136 Exclusive Microsoft ACPI-Compliant System IRQ 137 Exclusive Microsoft ACPI-Compliant System IRQ 138 Exclusive Microsoft ACPI-Compliant System IRQ 139 Exclusive Microsoft ACPI-Compliant System IRQ 140 Exclusive Microsoft ACPI-Compliant System IRQ 141 Exclusive Microsoft ACPI-Compliant System IRQ 142 Exclusive Microsoft ACPI-Compliant System IRQ 143 Exclusive Microsoft ACPI-Compliant System IRQ 144 Exclusive Microsoft ACPI-Compliant System IRQ 145 Exclusive Microsoft ACPI-Compliant System IRQ 146 Exclusive Microsoft ACPI-Compliant System IRQ 147 Exclusive Microsoft ACPI-Compliant System IRQ 148 Exclusive Microsoft ACPI-Compliant System IRQ 149 Exclusive Microsoft ACPI-Compliant System IRQ 150 Exclusive Microsoft ACPI-Compliant System IRQ 151 Exclusive Microsoft ACPI-Compliant System IRQ 152 Exclusive Microsoft ACPI-Compliant System IRQ 153 Exclusive Microsoft ACPI-Compliant System IRQ 154 Exclusive Microsoft ACPI-Compliant System IRQ 155 Exclusive Microsoft ACPI-Compliant System IRQ 156 Exclusive Microsoft ACPI-Compliant System IRQ 157 Exclusive Microsoft ACPI-Compliant System IRQ 158 Exclusive Microsoft ACPI-Compliant System IRQ 159 Exclusive Microsoft ACPI-Compliant System IRQ 16 Shared Broadcom SD Host Controller IRQ 16 Shared NVIDIA GeForce 610M IRQ 16 Shared Broadcom Memory Stick IRQ 16 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D IRQ 16 Shared 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 IRQ 16 Shared Broadcom xD Picture Bus Driver IRQ 16 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 IRQ 16 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 IRQ 16 Shared Intel(R) Management Engine Interface IRQ 160 Exclusive Microsoft ACPI-Compliant System IRQ 161 Exclusive Microsoft ACPI-Compliant System IRQ 162 Exclusive Microsoft ACPI-Compliant System IRQ 163 Exclusive Microsoft ACPI-Compliant System IRQ 164 Exclusive Microsoft ACPI-Compliant System IRQ 165 Exclusive Microsoft ACPI-Compliant System IRQ 166 Exclusive Microsoft ACPI-Compliant System IRQ 167 Exclusive Microsoft ACPI-Compliant System IRQ 168 Exclusive Microsoft ACPI-Compliant System IRQ 169 Exclusive Microsoft ACPI-Compliant System IRQ 17 Shared Atheros AR5B97 Wireless Network Adapter IRQ 17 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 IRQ 170 Exclusive Microsoft ACPI-Compliant System IRQ 171 Exclusive Microsoft ACPI-Compliant System IRQ 172 Exclusive Microsoft ACPI-Compliant System IRQ 173 Exclusive Microsoft ACPI-Compliant System IRQ 174 Exclusive Microsoft ACPI-Compliant System IRQ 175 Exclusive Microsoft ACPI-Compliant System IRQ 176 Exclusive Microsoft ACPI-Compliant System IRQ 177 Exclusive Microsoft ACPI-Compliant System IRQ 178 Exclusive Microsoft ACPI-Compliant System IRQ 179 Exclusive Microsoft ACPI-Compliant System IRQ 180 Exclusive Microsoft ACPI-Compliant System IRQ 181 Exclusive Microsoft ACPI-Compliant System IRQ 182 Exclusive Microsoft ACPI-Compliant System IRQ 183 Exclusive Microsoft ACPI-Compliant System IRQ 184 Exclusive Microsoft ACPI-Compliant System IRQ 185 Exclusive Microsoft ACPI-Compliant System IRQ 186 Exclusive Microsoft ACPI-Compliant System IRQ 187 Exclusive Microsoft ACPI-Compliant System IRQ 188 Exclusive Microsoft ACPI-Compliant System IRQ 189 Exclusive Microsoft ACPI-Compliant System IRQ 19 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 IRQ 19 Shared Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 IRQ 19 Shared Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 IRQ 190 Exclusive Microsoft ACPI-Compliant System IRQ 22 Shared High Definition Audio Controller IRQ 23 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 IRQ 65536 Exclusive Broadcom NetLink (TM) Gigabit Ethernet IRQ 65536 Exclusive Broadcom NetLink (TM) Gigabit Ethernet IRQ 65536 Exclusive Broadcom NetLink (TM) Gigabit Ethernet IRQ 65536 Exclusive Broadcom NetLink (TM) Gigabit Ethernet IRQ 65536 Exclusive Broadcom NetLink (TM) Gigabit Ethernet IRQ 65536 Exclusive Intel(R) HD Graphics Family IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller IRQ 81 Exclusive Microsoft ACPI-Compliant System IRQ 82 Exclusive Microsoft ACPI-Compliant System IRQ 83 Exclusive Microsoft ACPI-Compliant System IRQ 84 Exclusive Microsoft ACPI-Compliant System IRQ 85 Exclusive Microsoft ACPI-Compliant System IRQ 86 Exclusive Microsoft ACPI-Compliant System IRQ 87 Exclusive Microsoft ACPI-Compliant System IRQ 88 Exclusive Microsoft ACPI-Compliant System IRQ 89 Exclusive Microsoft ACPI-Compliant System IRQ 90 Exclusive Microsoft ACPI-Compliant System IRQ 91 Exclusive Microsoft ACPI-Compliant System IRQ 92 Exclusive Microsoft ACPI-Compliant System IRQ 93 Exclusive Microsoft ACPI-Compliant System IRQ 94 Exclusive Microsoft ACPI-Compliant System IRQ 95 Exclusive Microsoft ACPI-Compliant System IRQ 96 Exclusive Microsoft ACPI-Compliant System IRQ 97 Exclusive Microsoft ACPI-Compliant System IRQ 98 Exclusive Microsoft ACPI-Compliant System IRQ 99 Exclusive Microsoft ACPI-Compliant System Memory 000A0000-000BFFFF Shared Intel(R) HD Graphics Family Memory 000A0000-000BFFFF Shared PCI bus Memory 20000000-201FFFFF Exclusive System board Memory 40000000-401FFFFF Exclusive System board Memory CFA00000-FEAFFFFF Shared PCI bus Memory D0000000-DFFFFFFF Exclusive Intel(R) HD Graphics Family Memory E0000000-EFFFFFFF Exclusive NVIDIA GeForce 610M Memory E0000000-F1FFFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 Memory F0000000-F1FFFFFF Exclusive NVIDIA GeForce 610M Memory F2000000-F2FFFFFF Exclusive NVIDIA GeForce 610M Memory F2000000-F30FFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 Memory F3400000-F37FFFFF Exclusive Intel(R) HD Graphics Family Memory F3800000-F380FFFF Exclusive Broadcom NetLink (TM) Gigabit Ethernet Memory F3800000-F38FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 Memory F3810000-F381FFFF Exclusive Broadcom NetLink (TM) Gigabit Ethernet Memory F3820000-F382FFFF Exclusive Broadcom SD Host Controller Memory F3830000-F383FFFF Exclusive Broadcom Memory Stick Memory F3840000-F384FFFF Exclusive Broadcom xD Picture Bus Driver Memory F3900000-F3901FFF Exclusive Renesas Electronics USB 3.0 Host Controller Memory F3900000-F39FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 Memory F3A00000-F3A0FFFF Exclusive Atheros AR5B97 Wireless Network Adapter Memory F3A00000-F3AFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 Memory F3B00000-F3B03FFF Exclusive High Definition Audio Controller Memory F3B04000-F3B040FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 Memory F3B05000-F3B0500F Exclusive Intel(R) Management Engine Interface Memory F3B08000-F3B083FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Memory F3B09000-F3B093FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Memory F8000000-FBFFFFFF Exclusive Motherboard resources Memory FE800000-FE80FFFF Exclusive Motherboard resources Memory FED00000-FED003FF Exclusive High precision event timer Memory FED10000-FED17FFF Exclusive Motherboard resources Memory FED18000-FED18FFF Exclusive Motherboard resources Memory FED19000-FED19FFF Exclusive Motherboard resources Memory FED1C000-FED1FFFF Exclusive Motherboard resources Memory FED20000-FED3FFFF Exclusive Motherboard resources Memory FED40000-FED44FFF Shared PCI bus Memory FED45000-FED8FFFF Exclusive Motherboard resources Memory FED90000-FED93FFF Exclusive Motherboard resources Memory FEE00000-FEEFFFFF Exclusive Motherboard resources Memory FF000000-FFFFFFFF Exclusive Intel(R) 82802 Firmware Hub Device Memory FF000000-FFFFFFFF Exclusive Motherboard resources Port 0000-001F Exclusive Direct memory access controller Port 0000-0CF7 Shared PCI bus Port 0020-0021 Exclusive Programmable interrupt controller Port 0024-0025 Exclusive Programmable interrupt controller Port 0028-0029 Exclusive Programmable interrupt controller Port 002C-002D Exclusive Programmable interrupt controller Port 002E-002F Exclusive Motherboard resources Port 0030-0031 Exclusive Programmable interrupt controller Port 0034-0035 Exclusive Programmable interrupt controller Port 0038-0039 Exclusive Programmable interrupt controller Port 003C-003D Exclusive Programmable interrupt controller Port 0040-0043 Exclusive System timer Port 004E-004F Exclusive Motherboard resources Port 0050-0053 Exclusive System timer Port 0060-0060 Exclusive Standard PS/2 Keyboard Port 0061-0061 Exclusive Motherboard resources Port 0062-0062 Exclusive Microsoft ACPI-Compliant Embedded Controller Port 0063-0063 Exclusive Motherboard resources Port 0064-0064 Exclusive Standard PS/2 Keyboard Port 0065-0065 Exclusive Motherboard resources Port 0066-0066 Exclusive Microsoft ACPI-Compliant Embedded Controller Port 0067-0067 Exclusive Motherboard resources Port 0068-006F Exclusive Motherboard resources Port 006A-006A Exclusive Motherboard resources Port 006E-006E Exclusive Motherboard resources Port 0070-0070 Exclusive Motherboard resources Port 0070-0077 Exclusive System CMOS/real time clock Port 0080-0080 Exclusive Motherboard resources Port 0081-0091 Exclusive Direct memory access controller Port 0092-0092 Exclusive Motherboard resources Port 0093-009F Exclusive Direct memory access controller Port 00A0-00A1 Exclusive Programmable interrupt controller Port 00A4-00A5 Exclusive Programmable interrupt controller Port 00A8-00A9 Exclusive Programmable interrupt controller Port 00AC-00AD Exclusive Programmable interrupt controller Port 00B0-00B1 Exclusive Programmable interrupt controller Port 00B2-00B3 Exclusive Motherboard resources Port 00B4-00B5 Exclusive Programmable interrupt controller Port 00B8-00B9 Exclusive Programmable interrupt controller Port 00BC-00BD Exclusive Programmable interrupt controller Port 00C0-00DF Exclusive Direct memory access controller Port 00F0-00F0 Exclusive Numeric data processor Port 03B0-03BB Shared Intel(R) HD Graphics Family Port 03C0-03DF Shared Intel(R) HD Graphics Family Port 0400-0453 Exclusive Motherboard resources Port 0454-0457 Exclusive Motherboard resources Port 0458-047F Exclusive Motherboard resources Port 04D0-04D1 Exclusive Programmable interrupt controller Port 0500-057F Exclusive Motherboard resources Port 0D00-FFFF Shared PCI bus Port 1000-100F Exclusive Motherboard resources Port 2000-2FFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 Port 2F80-2FFF Exclusive NVIDIA GeForce 610M Port 3000-303F Exclusive Intel(R) HD Graphics Family Port 3060-306F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 3070-307F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 3080-308F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port 3090-309F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port 30A0-30A7 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 30A8-30AF Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 30B0-30B7 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port 30B8-30BF Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port 30C0-30C3 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 30C4-30C7 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 Port 30C8-30CB Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port 30CC-30CF Exclusive Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 Port EFA0-EFBF Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 Port FFFF-FFFF Exclusive Motherboard resources Port FFFF-FFFF Exclusive Motherboard resources --------[ Input ]------------------------------------------------------------------------------------------------------- [ Standard PS/2 Keyboard ] Keyboard Properties: Keyboard Name Standard PS/2 Keyboard Keyboard Type IBM enhanced (101- or 102-key) keyboard Keyboard Layout US ANSI Code Page 1252 - Western European (Windows) OEM Code Page 437 Repeat Delay 1 Repeat Rate 31 [ Synaptics PS/2 Port TouchPad ] Mouse Properties: Mouse Name Synaptics PS/2 Port TouchPad Mouse Buttons 5 Mouse Hand Right Pointer Speed 1 Double-Click Time 500 msec X/Y Threshold 6 / 10 Wheel Scroll Lines 3 Mouse Features: Active Window Tracking Disabled ClickLock Disabled Hide Pointer While Typing Enabled Mouse Wheel Present Move Pointer To Default Button Disabled Pointer Trails Disabled Sonar Disabled --------[ Printers ]---------------------------------------------------------------------------------------------------- [ Fax ] Printer Properties: Printer Name Fax Default Printer No Share Point Not shared Printer Port SHRFAX: Printer Driver Microsoft Shared Fax Driver (v4.00) Device Name Fax Print Processor winprint Separator Page None Availability 9:00 AM - 9:00 AM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size Letter, 8.5 x 11 in Orientation Portrait Print Quality 200 x 200 dpi Mono [ Microsoft XPS Document Writer (Default) ] Printer Properties: Printer Name Microsoft XPS Document Writer Default Printer Yes Share Point Not shared Printer Port XPSPort: Printer Driver Microsoft XPS Document Writer (v6.00) Device Name Microsoft XPS Document Writer Print Processor winprint Separator Page None Availability Always Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size Letter, 8.5 x 11 in Orientation Portrait Print Quality 600 x 600 dpi Color --------[ Auto Start ]-------------------------------------------------------------------------------------------------- ACPW06EN Registry\Common\Run C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe /pid ACPW06EN Adobe ARM Registry\Common\Run C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ArcadeMovieService Registry\Common\Run C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe AthBtTray Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe AtherosBtStack Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe BackupManagerTray Registry\Common\Run C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k Dolby Advanced Audio v2 Registry\Common\Run C:\Dolby PCEE4\pcee4.exe -autostart GrooveMonitor Registry\Common\Run C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe HotKeysCmds Registry\Common\Run C:\Windows\system32\hkcmd.exe IgfxTray Registry\Common\Run C:\Windows\system32\igfxtray.exe LManager Registry\Common\Run C:\Program Files (x86)\Launch Manager\LManager.exe NUSB3MON Registry\Common\Run C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe Persistence Registry\Common\Run C:\Windows\system32\igfxpers.exe Power Management Registry\Common\Run C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe RemoteControl11 Registry\Common\Run C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe RtHDVBg_Dolby Registry\Common\Run C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 RtHDVCpl Registry\Common\Run C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s Sidebar Registry\User\Run C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Stardock ObjectDock StartMenu\User C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe SuiteTray Registry\Common\Run C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe SunJavaUpdateSched Registry\Common\Run C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe SynTPEnh Registry\Common\Run %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe TkBellExe Registry\Common\Run C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot WinampAgent Registry\Common\Run C:\Program Files (x86)\Winamp\winampa.exe --------[ Scheduled ]--------------------------------------------------------------------------------------------------- [ Acer Registration - Reminder Recall task ] Task Properties: Task Name Acer Registration - Reminder Recall task Status Enabled Application Name C:\Program Files (x86)\Acer\Registration\GREG.exe Application Parameters /RR Working Folder C:\Program Files (x86)\Acer\Registration\ Comment Global Registration Account Name user Creator user Last Run 30/11/2012 3:30:00 PM Next Run 30/11/2012 4:00:00 PM Task Triggers: Daily At 8:00:00 AM every day - After triggered, repeat every 30 minutes for a duration of 1 day [ Adobe ARM ] Task Properties: Task Name Adobe ARM Status Enabled Application Name "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Application Parameters Working Folder Comment Account Name Creator Last Run 30/11/2012 3:23:05 PM Next Run Unknown Task Triggers: At log on At log on of any user [ Adobe Reader Speed Launcher ] Task Properties: Task Name Adobe Reader Speed Launcher Status Enabled Application Name "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" Application Parameters Working Folder Comment Account Name Creator Last Run 30/11/2012 3:25:05 PM Next Run Unknown Task Triggers: At log on At log on of any user [ EgisUpdate ] Task Properties: Task Name EgisUpdate Status Enabled Application Name "C:\Program Files\EgisTec IPS\EgisUpdate.exe" Application Parameters -d Working Folder Comment Account Name Creator Egis Technology Inc. Last Run 30/11/2012 3:31:05 PM Next Run Unknown Task Triggers: At log on At log on of any user [ PMMUpdate ] Task Properties: Task Name PMMUpdate Status Running Application Name "C:\Program Files\EgisTec IPS\PMMUpdate.exe" Application Parameters Working Folder Comment Account Name Creator Egis Technology Inc. Last Run 30/11/2012 3:31:05 PM Next Run Unknown Task Triggers: At log on At log on of any user [ RealUpgradeLogonTaskS-1-5-21-2602235906-715977651-979350228-1000 ] Task Properties: Task Name RealUpgradeLogonTaskS-1-5-21-2602235906-715977651-979350228-1000 Status Enabled Application Name C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Application Parameters /logoncheck Working Folder Comment Account Name user-PC\user Creator Last Run Unknown Next Run Unknown Task Triggers: At log on At log on of user [ RealUpgradeScheduledTaskS-1-5-21-2602235906-715977651-979350228-1000 ] Task Properties: Task Name RealUpgradeScheduledTaskS-1-5-21-2602235906-715977651-979350228-1000 Status Enabled Application Name C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Application Parameters /scheduledcheck Working Folder Comment Account Name user-PC\user Creator Last Run Unknown Next Run 7/12/2012 3:21:14 PM Task Triggers: Daily At 3:21:14 PM every 7 days --------[ Installed Programs ]------------------------------------------------------------------------------------------ ???? ??? Windows Live [arabic] 15.4.3502.0922 Unknown {FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69} Microsoft Corporation 2011-10-03 ???? Windows Live [arabic] 15.4.3502.0922 Unknown {0A4C4B29-5A9D-4910-A13C-B920D5758744} Microsoft Corporation 2011-10-03 ????? Windows Live [russian] 15.4.3502.0922 Unknown {B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137} ?????????? ?????????? 2011-10-03 ?????? ??????? ?? Windows Live [hebrew] 15.4.3502.0922 Unknown {CE929F09-3853-4180-BD90-30764BFF7136} Microsoft Corporation 2011-10-03 ???????? ?????????? Windows Live [russian] 15.4.3502.0922 Unknown {E83DC314-C926-4214-AD58-147691D6FE9F} Microsoft Corporation 2011-10-03 ?????????? Windows Live [russian] 15.4.3502.0922 Unknown {77F69CA1-E53D-4D77-8BA3-FA07606CC851} Microsoft Corporation 2011-10-03 ??????????? ?? Windows Live [bulgarian] 15.4.3502.0922 Unknown {4444F27C-B1A8-464E-9486-4C37BAB39A09} Microsoft Corporation 2011-10-03 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft 2007 Microsoft Office Suite Service Pack 2 (SP2) Unknown {91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft ACDSee Pro 6 6.0.169 Unknown {D40B2C78-30CA-4A8F-A157-C86B491C73AF} ACD Systems International Inc. 2012-11-30 Acer Backup Manager 3.0.0.99 Unknown InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270} NTI Corporation 2011-10-03 Acer Crystal Eye Webcam 1.0.1904 Unknown InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} CyberLink Corp. 2012-11-25 Acer ePower Management [english] 6.00.3008 Unknown {3DB0448D-AD82-4923-B305-D001E521A964} Acer Incorporated 2012-11-25 Acer eRecovery Management [english] 5.00.3504 Unknown {7F811A54-5A09-4579-90E1-C93498E230D9} Acer Incorporated 2012-11-25 Acer Games 1.0.2.5 Unknown WildTangent acer Master Uninstall WildTangent Acer Registration 1.04.3503 Unknown Acer Registration Acer Incorporated Acer ScreenSaver 1.1.0902.2011 Unknown Acer Screensaver Acer Incorporated Acer Updater [english] 1.02.3500 Unknown {EE171732-BEB4-4576-887D-CB62727F01CA} Acer Incorporated 2011-10-03 Adobe Flash Player 10 ActiveX 10.3.183.7 Unknown Adobe Flash Player ActiveX Adobe Systems Incorporated Adobe Reader XI 11.0.00 Unknown {AC76BA86-7AD7-1033-7B44-AB0000000001} Adobe Systems Incorporated 2012-11-29 Adobe Shockwave Player 11.6 11.6.8.638 Unknown Adobe Shockwave Player Adobe Systems, Inc. Advertising Center 0.0.0.2 Unknown {B2EC4A38-B545-4A00-8214-13FE0E915E6D} Nero AG 2012-11-30 Agatha Christie - Death on the Nile 2.2.0.98 Unknown WTA-55c2c8ba-7174-4dc9-a4fe-bc2359fb4ee8 WildTangent Bejeweled 2 Deluxe 2.2.0.95 Unknown WTA-d64f59f0-96cf-4242-ad53-1c5ba7fb1b0b WildTangent Bluetooth Win7 Suite (64) 7.4.0.96 Unknown {230D1595-57DA-4933-8C4E-375797EBB7E1} Atheros 2012-11-25 Broadcom Card Reader Driver Installer 14.4.9.2 Unknown {4710662C-8204-4334-A977-B1AC9E547819} Broadcom Corporation 2012-11-25 Broadcom Gigabit NetLink Controller 14.4.6.1 Unknown {029A4933-3F36-4E4F-AEC3-2207AB26463D} Broadcom Corporation 2012-11-25 Chuzzle Deluxe 2.2.0.95 Unknown WTA-ce206d57-495e-4930-931d-621036225d7b WildTangent clear.fi Client [english] 1.00.3500 Unknown {43AAE145-83CF-4C96-9A5E-756CEFCE879F} Acer Incorporated 2012-11-25 clear.fi 1.0.2016.00 Unknown InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761} CyberLink Corp. 2012-11-25 Crazy Chicken Kart 2 2.2.0.97 Unknown WTA-62809891-af2c-4160-9124-15d615655ef8 WildTangent CyberLink PowerDVD 11 11.0.1620.51 Unknown InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9} CyberLink Corp. 2012-11-29 D3DX10 15.4.2368.0902 Unknown {E09C4DB7-630C-4F06-A631-8EA7239923AF} Microsoft 2011-10-03 Dolby Advanced Audio v2 7.2.7000.7 Unknown {B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613} Dolby Laboratories Inc 2012-11-25 DolbyFiles 0.1 Unknown {B1ADF008-E898-4FE2-8A1F-690D9A06ACAF} Nero AG 2012-11-30 FATE 2.2.0.97 Unknown WTA-d9b98e58-ad98-4284-a61a-0757b8959918 WildTangent Final Drive: Nitro 2.2.0.95 Unknown WTA-a08c2d80-0757-43e9-9e4f-ebaeb99a8391 WildTangent Fotogalerija Windows Live [slovenian] 15.4.3502.0922 Unknown {E59969EA-3B5B-4B24-8B94-43842A7FBFE9} Microsoft Corporation 2011-10-03 Galeria de Fotografias do Windows Live [portuguese (portugal)] 15.4.3502.0922 Unknown {0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4} Microsoft Corporation 2011-10-03 Galería fotográfica de Windows Live [spanish (spain, international sort)] 15.4.3502.0922 Unknown {E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66} Microsoft Corporation 2011-10-03 Galeria fotogràfica del Windows Live [catalan] 15.4.3502.0922 Unknown {4736B0ED-F6A1-48EC-A1B7-C053027648F1} Microsoft Corporation 2011-10-03 Galeria fotografii uslugi Windows Live [polish] 15.4.3502.0922 Unknown {CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} Microsoft Corporation 2011-10-03 Galerie de photos Windows Live [french] 15.4.3502.0922 Unknown {488F0347-C4A7-4374-91A7-30818BEDA710} Microsoft Corporation 2011-10-03 Galerie foto Windows Live [romanian] 15.4.3502.0922 Unknown {CB66242D-12B1-4494-82D2-6F53A7E024A3} Microsoft Corporation 2011-10-03 Identity Card 1.00.3501 Unknown Identity Card Acer Incorporated ImagXpress 7.0.74.0 Unknown {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} Nero AG 2012-11-30 Insaniquarium Deluxe 2.2.0.97 Unknown WTA-2fa1b850-1749-46dc-ae07-7495e5c65a1f WildTangent Intel(R) Control Center 1.2.1.1007 Unknown {F8A9085D-4C7A-41a9-8A77-C8998A96C421} Intel Corporation Intel(R) Management Engine Components 7.0.0.1144 Unknown {65153EA5-8B6E-43B6-857B-C6E4FC25798A} Intel Corporation Intel(R) Processor Graphics 8.15.10.2345 Unknown {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} Intel Corporation Java 7 Update 9 (64-bit) 7.0.90 Unknown {26A24AE4-039D-4CA4-87B4-2F86417009FF} Oracle 2012-11-29 Java 7 Update 9 7.0.90 Unknown {26A24AE4-039D-4CA4-87B4-2F83217009FF} Oracle 2012-11-29 Java Auto Updater 2.1.9.0 Unknown {4A03706F-666A-4037-7777-5F2748764D10} Sun Microsystems, Inc. 2012-11-29 Jewel Match 3 2.2.0.97 Unknown WTA-1d151e54-61e3-4740-9f46-f6cebe016666 WildTangent Jewel Quest Solitaire 2.2.0.95 Unknown WTA-dd8870f7-882e-4585-90bb-8d92a2f8a635 WildTangent John Deere Drive Green 2.2.0.95 Unknown WTA-63fe0305-8f81-4b19-b0e7-a96e3845bc49 WildTangent Junk Mail filter update 15.4.3502.0922 Unknown {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Microsoft Corporation 2011-10-03 K-Lite Codec Pack 9.3.0 (64-bit) 9.3.0 Unknown KLiteCodecPack64_is1 2012-11-29 K-Lite Codec Pack 9.3.0 (Full) 9.3.0 Unknown KLiteCodecPack_is1 2012-11-29 Launch Manager 5.1.4 Unknown LManager Acer Inc. Mesh Runtime 15.4.5722.2 Unknown {8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Corporation 2011-10-03 Microsoft Application Error Reporting 12.0.6015.5000 Unknown {95120000-00B9-0409-1000-0000000FF1CE} Microsoft Corporation 2011-10-03 Microsoft Office 2010 14.0.4763.1000 - Office 2010 Retail Unknown {95140000-0070-0000-0000-0000000FF1CE} Microsoft Corporation 2012-11-25 Microsoft Office Access MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0015-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Access Setup Metadata MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0117-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Excel MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0016-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Groove MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-00BA-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Groove Setup Metadata MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0114-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office InfoPath MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0044-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Office 64-bit Components 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-002A-0000-1000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office OneNote MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-00A1-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Outlook MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-001A-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office PowerPoint MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0018-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Proof (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-001F-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Proof (French) 2007 [french (france)] 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-001F-040C-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Proof (Spanish) 2007 [spanish (spain, international sort)] 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Proofing (English) 2007 12.0.4518.1014 - Office 2007 Retail Unknown {90120000-002C-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Publisher MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0019-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Shared 64-bit MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-002A-0409-1000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0116-0409-1000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Shared MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-006E-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Shared Setup Metadata MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-0115-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Ultimate 2007 12.0.6425.1000 - Office 2007 SP2 Unknown ULTIMATER Microsoft Corporation Microsoft Office Ultimate 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {91120000-002E-0000-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Office Word MUI (English) 2007 12.0.6425.1000 - Office 2007 SP2 Unknown {90120000-001B-0409-0000-0000000FF1CE} Microsoft Corporation 2012-11-29 Microsoft Silverlight 5.1.10411.0 Unknown {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Corporation 2012-11-29 Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 Unknown {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Corporation 2011-10-03 Microsoft Visual C++ 2005 Redistributable 8.0.56336 Unknown {7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Corporation 2012-11-25 Microsoft Visual C++ 2005 Redistributable 8.0.59193 Unknown {837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Corporation 2011-10-03 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 Unknown {9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Corporation 2011-10-03 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 Unknown {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Corporation 2011-10-03 Mozilla Firefox 16.0.2 (x86 en-US) 16.0.2 Unknown Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Mozilla Maintenance Service 16.0.2 Unknown MozillaMaintenanceService Mozilla MSVCRT_amd64 15.4.2862.0708 Unknown {D0B44725-3666-492D-BEF6-587A14BD9BD9} Microsoft 2011-10-03 MSVCRT 15.4.2862.0708 Unknown {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Microsoft 2011-10-03 Mystery of Mortlake Mansion 2.2.0.98 Unknown WTA-ad930a8c-1c28-495e-8319-7721a6252d28 WildTangent MyWinLocker Suite 4.0.14.18 Unknown InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE} Egis Technology Inc. 2011-10-03 MyWinLocker 4.0.14.27 Unknown {0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427} Egis Technology Inc. 2011-10-03 Nero 9 Essentials Unknown {fb3bf8b1-3bf6-4ba7-b474-80a7c59914bc} Nero AG 2012-11-30 Nero BurnRights Help 3.4.4.100 Unknown {F6BDD7C5-89ED-4569-9318-469AA9732572} Nero AG 2012-11-30 Nero BurnRights 3.4.13.100 Unknown {7829DB6F-A066-4E40-8912-CB07887C20BB} Nero AG 2012-11-30 Nero ControlCenter 9.0.0.1 Unknown {BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero AG 2012-11-30 Nero ControlCenter 9.0.0.1 Unknown {F4041DCE-3FE1-4E18-8A9E-9DE65231EE36} Nero AG 2012-11-30 Nero CoverDesigner Help 4.4.9.100 Unknown {CE96F5A5-584D-4F8F-AA3E-9BAED413DB72} Nero AG 2012-11-30 Nero CoverDesigner 4.4.15.100 Unknown {62AC81F6-BDD3-4110-9D36-3E9EAAB40999} Nero AG 2012-11-30 Nero Disc Copy Gadget Help 2.4.34.0 Unknown {60C731FB-C951-41CE-AD41-8E54C8594609} Nero AG 2012-11-30 Nero Disc Copy Gadget 2.4.34.0 Unknown {F1861F30-3419-44DB-B2A1-C274825698B3} Nero AG 2012-11-30 Nero DiscSpeed Help 5.4.4.100 Unknown {CC019E3F-59D2-4486-8D4B-878105B62A71} Nero AG 2012-11-30 Nero DiscSpeed 5.4.13.100 Unknown {869200DB-287A-4DC0-B02B-2B6787FBCD4C} Nero AG 2012-11-30 Nero DriveSpeed Help 4.4.4.100 Unknown {E5C7D048-F9B4-4219-B323-8BDB01A2563D} Nero AG 2012-11-30 Nero DriveSpeed 4.4.12.100 Unknown {33CF58F5-48D8-4575-83D6-96F574E4D83A} Nero AG 2012-11-30 Nero Express Help 9.4.27.100 Unknown {83202942-84B3-4C50-8622-B8C0AA2D2885} Nero AG 2012-11-30 Nero InfoTool Help 6.4.4.100 Unknown {20400DBD-E6DB-45B8-9B6B-1DD7033818EC} Nero AG 2012-11-30 Nero InfoTool 6.4.12.100 Unknown {FBCDFD61-7DCF-4E71-9226-873BA0053139} Nero AG 2012-11-30 Nero Installer 4.4.9.0 Unknown {E8A80433-302B-4FF1-815D-FCC8EAC482FF} Nero AG 2012-11-30 Nero Online Upgrade 1.3.0.0 Unknown {C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} Nero AG 2012-11-30 Nero PhotoSnap Help 2.4.28.0 Unknown {1C00C7C5-E615-4139-B817-7F4003DE68C0} Nero AG 2012-11-30 Nero PhotoSnap 2.4.28.0 Unknown {9E82B934-9A25-445B-B8DF-8012808074AC} Nero AG 2012-11-30 Nero Recode Help 4.4.38.1 Unknown {AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80} Nero AG 2012-11-30 Nero Recode 4.4.38.1 Unknown {359CFC0A-BEB1-440D-95BA-CF63A86DA34F} Nero AG 2012-11-30 Nero ShowTime 5.4.0.100 Unknown {02627EE5-EACA-4742-A9CC-E687631773E4} Nero AG 2012-11-30 Nero ShowTime 5.4.24.100 Unknown {D9DCF92E-72EB-412D-AC71-3B01276E5F8B} Nero AG 2012-11-30 Nero StartSmart Help 9.4.19.100 Unknown {2348B586-C9AE-46CE-936C-A68E9426E214} Nero AG 2012-11-30 Nero StartSmart OEM 9.4.10.100 Unknown {4D43D635-6FDA-4FA5-AA9B-23CF73D058EA} Nero AG 2012-11-30 Nero StartSmart 9.4.19.100 Unknown {7748AC8C-18E3-43BB-959B-088FAEA16FB2} Nero AG 2012-11-30 Nero Vision Help 6.4.15.100 Unknown {5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1} Nero AG 2012-11-30 Nero Vision 6.4.16.100 Unknown {43E39830-1826-415D-8BAE-86845787B54B} Nero AG 2012-11-30 NeroExpress 9.4.27.100 Unknown {595A3116-40BB-4E0F-A2E8-D7951DA56270} Nero AG 2012-11-30 neroxml 1.0.0 Unknown {56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nero AG 2012-11-30 newsXpresso 1.0.0.40 Unknown InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF} esobi Inc. 2011-10-03 NVIDIA Control Panel 285.90 [english (malaysia)] 285.90 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel NVIDIA Corporation 2012-11-25 NVIDIA Graphics Driver 285.90 [english (malaysia)] 285.90 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver NVIDIA Corporation 2012-11-25 NVIDIA Install Application [english (malaysia)] 2.1002.48.261 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer NVIDIA Corporation 2012-11-25 NVIDIA Optimus 1.5.21 [english (malaysia)] 1.5.21 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus NVIDIA Corporation 2012-11-25 NVIDIA Update Components [english (malaysia)] 1.5.21 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update NVIDIA Corporation 2012-11-25 ObjectDock Plus 2.01 Unknown ObjectDock Plus2.01 Stardock Corporation Penguins! 2.2.0.95 Unknown WTA-b5b0ab73-8aee-49a3-a474-646eacc98638 WildTangent PhotoScape Unknown PhotoScape Plants vs. Zombies - Game of the Year 2.2.0.95 Unknown WTA-01938454-9d94-4c51-8476-97da54b79d44 WildTangent Poczta uslugi Windows Live [polish] 15.4.3502.0922 Unknown {64376910-1860-4CEF-8B34-AA5D205FC5F1} Microsoft Corporation 2011-10-03 Podstawowe programy Windows Live [polish] 15.4.3502.0922 Unknown {7A9D47BA-6D50-4087-866F-0800D8B89383} Microsoft Corporation 2011-10-03 Polar Bowler 2.2.0.97 Unknown WTA-7eb2fe2d-f0d4-43a2-afca-13f8eeb3f1d8 WildTangent Pošta Windows Live [slovenian] 15.4.3502.0922 Unknown {7BA19818-F717-4DFB-BC11-FAF17B2B8AEE} Microsoft Corporation 2011-10-03 Raccolta foto di Windows Live [italian] 15.4.3502.0922 Unknown {ED16B700-D91F-44B0-867C-7EB5253CA38D} Microsoft Corporation 2011-10-03 RealNetworks - Microsoft Visual C++ 2008 Runtime 9.0 Unknown {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealNetworks, Inc 2012-11-29 RealPlayer 15.0.6 Unknown RealPlayer 15.0 RealNetworks Realtek High Definition Audio Driver [english] 6.0.1.6423 Unknown {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} Realtek Semiconductor Corp. 2012-11-25 RealUpgrade 1.1 1.1.0 Unknown {28C2DED6-325B-4CC7-983A-1777C8F7FBAB} RealNetworks, Inc. 2012-11-29 Renesas Electronics USB 3.0 Host Controller Driver 2.0.32.0 Unknown InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} Renesas Electronics Corporation 2012-11-25 S?????? f?t???af??? t?? Windows Live [greek] 15.4.3502.0922 Unknown {C00C2A91-6CB3-483F-80B3-2958E29468F1} Microsoft Corporation 2011-10-03 Shredder 2.0.8.9 Unknown {1F557316-CFC0-41BD-AFF7-8BC49CE444D7} Egis Technology Inc. 2011-10-03 Skype™ 5.3 5.3.116 Unknown {5335DADB-34BA-4AE8-A519-648D78498846} Skype Technologies S.A. 2012-11-25 Slingo Deluxe 2.2.0.95 Unknown WTA-f06f4e69-dc07-40bf-bfe0-021920832f25 WildTangent swMSM 12.0.0.1 Unknown {612C34C7-5E90-47D8-9B5C-0F717DD82726} Adobe Systems, Inc 2012-11-29 Synaptics Pointing Device Driver 15.1.18.0 Unknown SynTPDeinstKey Synaptics Incorporated Torchlight 2.2.0.97 Unknown WTA-ae6b40dc-9e13-4843-a24d-594bf61608a7 WildTangent Update Installer for WildTangent Games App Unknown {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App WildTangent Virtual Villagers 4 - The Tree of Life 2.2.0.97 Unknown WTA-53d66ed0-fa53-436d-9704-dde2e67c1aee WildTangent Wedding Dash 2.2.0.95 Unknown WTA-7281d7bc-5602-4a4a-824d-e972b78fd491 WildTangent Welcome Center 1.02.3503 Unknown Acer Welcome Center Acer Incorporated WildTangent Games App (Acer Games) 4.0.5.14 Unknown {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer WildTangent Winamp Detector Plug-in 1.0.0.1 Unknown Winamp Detect Nullsoft, Inc 2012-11-29 Winamp Detector Plug-in 1.0.0.1 Unknown Winamp Detect Nullsoft, Inc 2012-11-29 Winamp 5.623 Unknown Winamp Nullsoft, Inc Windows Live ??? [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB} Microsoft Corporation 2011-10-03 Windows Live ???? [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {EEF99142-3357-402C-B298-DEC303E12D92} Microsoft Corporation 2011-10-03 Windows Live [french] 15.4.3502.0922 Unknown {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} Microsoft Corporation 2011-10-03 Windows Live Communications Platform 15.4.3502.0922 Unknown {D45240D3-B6B3-4FF9-B243-54ECE3E10066} Microsoft Corporation 2011-10-03 Windows Live Essentials [arabic] 15.4.3502.0922 Unknown {84A411F9-40A5-4CDA-BF46-E09FBB2BC313} Microsoft Corporation 2011-10-03 Windows Live Essentials [bulgarian] 15.4.3502.0922 Unknown {B0AD205F-60D0-4084-AFB8-34D9A706D9A8} Microsoft Corporation 2011-10-03 Windows Live Essentials [catalan] 15.4.3502.0922 Unknown {06B05153-97E4-427E-B1A8-E098F6C5E52F} Microsoft Corporation 2011-10-03 Windows Live Essentials [croatian] 15.4.3502.0922 Unknown {C01FCACE-CC3D-49A2-ADC2-583A49857C58} Microsoft Corporation 2011-10-03 Windows Live Essentials [czech] 15.4.3502.0922 Unknown {FE62C88B-425B-4BDE-8B70-CD5AE3B83176} Microsoft Corporation 2011-10-03 Windows Live Essentials [danish] 15.4.3502.0922 Unknown {827D3E4A-0186-48B7-9801-7D1E9DD40C07} Microsoft Corporation 2011-10-03 Windows Live Essentials [dutch] 15.4.3502.0922 Unknown {2A07C35B-8384-4DA4-9A95-442B6C89A073} Microsoft Corporation 2011-10-03 Windows Live Essentials [english] 15.4.3502.0922 Unknown {FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Microsoft Corporation 2011-10-03 Windows Live Essentials [german] 15.4.3502.0922 Unknown {F95E4EE0-0C6E-4273-B6B9-91FD6F071D76} Microsoft Corporation 2011-10-03 Windows Live Essentials [greek] 15.4.3502.0922 Unknown {17F99FCE-8F03-4439-860A-25C5A5434E18} Microsoft Corporation 2011-10-03 Windows Live Essentials [hebrew] 15.4.3502.0922 Unknown {ABD534B7-E951-470E-92C2-CD5AF1735726} Microsoft Corporation 2011-10-03 Windows Live Essentials [hungarian] 15.4.3502.0922 Unknown {FEEF7F78-5876-438B-B554-C4CC426A4302} Microsoft Corporation 2011-10-03 Windows Live Essentials [italian] 15.4.3502.0922 Unknown {DEF91E0F-D266-453D-B6F2-1BA002B40CB6} Microsoft Corporation 2011-10-03 Windows Live Essentials [norwegian] 15.4.3502.0922 Unknown {F0F9505B-3ACF-4158-9311-D0285136AA00} Microsoft Corporation 2011-10-03 Windows Live Essentials [portuguese (brazil)] 15.4.3502.0922 Unknown {43B43577-2514-4CE0-B14A-7E85C17C0453} Microsoft Corporation 2011-10-03 Windows Live Essentials [portuguese (portugal)] 15.4.3502.0922 Unknown {B618C3BF-5142-4630-81DD-F96864F97C7E} Microsoft Corporation 2011-10-03 Windows Live Essentials [portuguese (portugal)] 15.4.3538.0513 Unknown WinLiveSuite Microsoft Corporation Windows Live Essentials [romanian] 15.4.3502.0922 Unknown {17835B63-8308-427F-8CF5-D76E0D5FE457} Microsoft Corporation 2011-10-03 Windows Live Essentials [slovak] 15.4.3502.0922 Unknown {6491AB99-A11E-41FD-A5E7-32DE8A097B8E} Microsoft Corporation 2011-10-03 Windows Live Essentials [slovenian] 15.4.3502.0922 Unknown {410DF0AA-882D-450D-9E1B-F5397ACFFA80} Microsoft Corporation 2011-10-03 Windows Live Essentials [spanish (spain, international sort)] 15.4.3502.0922 Unknown {7D1C7B9F-2744-4388-B128-5C75B8BCCC84} Microsoft Corporation 2011-10-03 Windows Live Essentials [swedish] 15.4.3502.0922 Unknown {4A04DB63-8F81-4EF4-9D09-61A2057EF419} Microsoft Corporation 2011-10-03 Windows Live Essentials [thai] 15.4.3502.0922 Unknown {3B72C1E0-26A1-40F6-8516-D50C651DFB3C} Microsoft Corporation 2011-10-03 Windows Live Fotogaléria [slovak] 15.4.3502.0922 Unknown {97F77D62-5110-4FA3-A2D3-410B92D31199} Microsoft Corporation 2011-10-03 Windows Live Fotogalerie [czech] 15.4.3502.0922 Unknown {FB79FDB7-4DE1-453D-99FE-9A880F57380E} Microsoft Corporation 2011-10-03 Windows Live Fotogalerie [german] 15.4.3502.0922 Unknown {B113D18C-67B0-4FB7-B329-E89B66194AE6} Microsoft Corporation 2011-10-03 Windows Live Fotogalleri [norwegian] 15.4.3502.0922 Unknown {5C2F5C1B-9732-4F81-8FBF-6711627DC508} Microsoft Corporation 2011-10-03 Windows Live Fotograf Galerisi [turkish] 15.4.3502.0922 Unknown {BD695C2F-3EA0-4DA4-92D5-154072468721} Microsoft Corporation 2011-10-03 Windows Live Fotótár [hungarian] 15.4.3502.0922 Unknown {7272F232-A7E0-4B2B-A5D2-71B7C5E2379C} Microsoft Corporation 2011-10-03 Windows Live Galeria de Fotos [portuguese (brazil)] 15.4.3502.0922 Unknown {F7A46527-DF1F-4B0F-9637-98547E189442} Microsoft Corporation 2011-10-03 Windows Live Galerija fotografija [croatian] 15.4.3502.0922 Unknown {E5377D46-83C5-445A-A1F1-830336B42A10} Microsoft Corporation 2011-10-03 Windows Live ID Sign-in Assistant 7.250.4232.0 Unknown {1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Microsoft Corporation 2011-10-03 Windows Live Installer 15.4.3502.0922 Unknown {0B0F231F-CE6A-483D-AA23-77B364F75917} Microsoft Corporation 2011-10-03 Windows Live Language Selector 15.4.3538.0513 Unknown {180C8888-50F1-426B-A9DC-AB83A1989C65} Microsoft Corporation 2011-10-03 Windows Live Mail [bulgarian] 15.4.3502.0922 Unknown {82803FF3-563F-414F-A403-8D4C167D4120} Microsoft Corporation 2011-10-03 Windows Live Mail [catalan] 15.4.3502.0922 Unknown {48F597DD-D397-4CFA-91A0-4C033A0113BD} Microsoft Corporation 2011-10-03 Windows Live Mail [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {A0B91308-6666-4249-8FF6-1E11AFD75FE1} Microsoft Corporation 2011-10-03 Windows Live Mail [croatian] 15.4.3502.0922 Unknown {ABE2F2AA-7ADC-4717-9573-BF3F83C696AC} Microsoft Corporation 2011-10-03 Windows Live Mail [czech] 15.4.3502.0922 Unknown {C454280F-3C3E-4929-B60E-9E6CED5717E7} Microsoft Corporation 2011-10-03 Windows Live Mail [danish] 15.4.3502.0922 Unknown {10186F1A-6A14-43DF-A404-F0105D09BB07} Microsoft Corporation 2011-10-03 Windows Live Mail [dutch] 15.4.3502.0922 Unknown {D588365A-AE39-4F27-BDAE-B4E72C8E900C} Microsoft Corporation 2011-10-03 Windows Live Mail [english] 15.4.3502.0922 Unknown {C66824E4-CBB3-4851-BB3F-E8CFD6350923} Microsoft Corporation 2011-10-03 Windows Live Mail [french] 15.4.3502.0922 Unknown {9FAE6E8D-E686-49F5-A574-0A58DFD9580C} Microsoft Corporation 2011-10-03 Windows Live Mail [german] 15.4.3502.0922 Unknown {B1239994-A850-44E2-BED8-E70A21124E16} Microsoft Corporation 2011-10-03 Windows Live Mail [greek] 15.4.3502.0922 Unknown {ADE85655-8D1E-4E4B-BF88-5E312FB2C74F} Microsoft Corporation 2011-10-03 Windows Live Mail [hebrew] 15.4.3502.0922 Unknown {DBAA2B17-D596-4195-A169-BA2166B0D69B} Microsoft Corporation 2011-10-03 Windows Live Mail [hungarian] 15.4.3502.0922 Unknown {C8421D85-CA0E-4E93-A9A9-B826C4FB88EA} Microsoft Corporation 2011-10-03 Windows Live Mail [italian] 15.4.3502.0922 Unknown {677AAD91-1790-4FC5-B285-0E6A9D65F7DC} Microsoft Corporation 2011-10-03 Windows Live Mail [norwegian] 15.4.3502.0922 Unknown {924B4D82-1B97-48EB-8F1E-55C4353C22DB} Microsoft Corporation 2011-10-03 Windows Live Mail [portuguese (brazil)] 15.4.3502.0922 Unknown {9DA3F03B-2CEE-4344-838E-117861E61FAF} Microsoft Corporation 2011-10-03 Windows Live Mail [portuguese (portugal)] 15.4.3502.0922 Unknown {25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E} Microsoft Corporation 2011-10-03 Windows Live Mail [romanian] 15.4.3502.0922 Unknown {D07B1FDA-876B-4914-9E9A-309732B6D44F} Microsoft Corporation 2011-10-03 Windows Live Mail [slovak] 15.4.3502.0922 Unknown {FA6CF94F-DACF-4FE7-959D-55C421B91B17} Microsoft Corporation 2011-10-03 Windows Live Mail [spanish (spain, international sort)] 15.4.3502.0922 Unknown {0D261C88-454B-46FE-B43B-640E621BDA11} Microsoft Corporation 2011-10-03 Windows Live Mail [swedish] 15.4.3502.0922 Unknown {D31169F2-CD71-4337-B783-3E53F29F4CAD} Microsoft Corporation 2011-10-03 Windows Live Mail [thai] 15.4.3502.0922 Unknown {249EE21B-8EDD-4F36-8A23-E580E9DBE80A} Microsoft Corporation 2011-10-03 Windows Live Mail [turkish] 15.4.3502.0922 Unknown {63CF7D0C-B6E7-4EE9-8253-816B613CC437} Microsoft Corporation 2011-10-03 Windows Live Mail 15.4.3502.0922 Unknown {9D56775A-93F3-44A3-8092-840E3826DE30} Microsoft Corporation 2011-10-03 Windows Live Mesh [arabic] 15.4.3502.0922 Unknown {AF01B90A-D25C-4F60-AECD-6EEDF509DC11} Microsoft Corporation 2011-10-03 Windows Live Mesh [bulgarian] 15.4.3502.0922 Unknown {2D3E034E-F76B-410A-A169-55755D2637BB} Microsoft Corporation 2011-10-03 Windows Live Mesh [catalan] 15.4.3502.0922 Unknown {625D45F0-5DCB-48BF-8770-C240A84DAAEB} Microsoft Corporation 2011-10-03 Windows Live Mesh [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {2C865FB0-051E-4D22-AC62-428E035AEAF0} Microsoft Corporation 2011-10-03 Windows Live Mesh [croatian] 15.4.3502.0922 Unknown {99BE7F5D-AB52-4404-9E03-4240FFAA7DE9} Microsoft Corporation 2011-10-03 Windows Live Mesh [czech] 15.4.3502.0922 Unknown {80E8C65A-8F70-4585-88A2-ABC54BABD576} Microsoft Corporation 2011-10-03 Windows Live Mesh [danish] 15.4.3502.0922 Unknown {00884F14-05BD-4D8E-90E5-1ABF78948CA4} Microsoft Corporation 2011-10-03 Windows Live Mesh [dutch] 15.4.3502.0922 Unknown {3F4143A1-9C21-4011-8679-3BC1014C6886} Microsoft Corporation 2011-10-03 Windows Live Mesh [english] 15.4.3502.0922 Unknown {A0C91188-C88F-4E86-93E6-CD7C9A266649} Microsoft Corporation 2011-10-03 Windows Live Mesh [finnish] 15.4.3502.0922 Unknown {39F95B0B-A0B7-4FA7-BB6C-197DA2546468} Microsoft Corporation 2011-10-03 Windows Live Mesh [french] 15.4.3502.0922 Unknown {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} Microsoft Corporation 2011-10-03 Windows Live Mesh [german] 15.4.3502.0922 Unknown {ACFBE99B-6981-4513-B17E-A2683CEB9EE5} Microsoft Corporation 2011-10-03 Windows Live Mesh [greek] 15.4.3502.0922 Unknown {7496FD31-E5CB-4AE4-82D3-31099558BF6A} Microsoft Corporation 2011-10-03 Windows Live Mesh [hebrew] 15.4.3502.0922 Unknown {F7E80BA7-A09D-4DD1-828B-C4A0274D4720} Microsoft Corporation 2011-10-03 Windows Live Mesh [hungarian] 15.4.3502.0922 Unknown {6ABE832B-A5C7-44C1-B697-3E123B7B4D5B} Microsoft Corporation 2011-10-03 Windows Live Mesh [italian] 15.4.3502.0922 Unknown {46872828-6453-4138-BE1C-CE35FBF67978} Microsoft Corporation 2011-10-03 Windows Live Mesh [norwegian] 15.4.3502.0922 Unknown {11417707-1F72-4279-95A3-01E0B898BBF5} Microsoft Corporation 2011-10-03 Windows Live Mesh [polish] 15.4.3502.0922 Unknown {BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Microsoft Corporation 2011-10-03 Windows Live Mesh [portuguese (brazil)] 15.4.3502.0922 Unknown {644063FA-ABA3-42AC-A8AC-3EDC0706018B} Microsoft Corporation 2011-10-03 Windows Live Mesh [portuguese (portugal)] 15.4.3502.0922 Unknown {FCDE76CB-989D-4E32-9739-6A272D2B0ED7} Microsoft Corporation 2011-10-03 Windows Live Mesh [romanian] 15.4.3502.0922 Unknown {C08D5964-C42F-48EE-A893-2396F9562A7C} Microsoft Corporation 2011-10-03 Windows Live Mesh [russian] 15.4.3502.0922 Unknown {039480EE-6933-4845-88B8-77FD0C3D059D} Microsoft Corporation 2011-10-03 Windows Live Mesh [slovak] 15.4.3502.0922 Unknown {AD001A69-88CC-4766-B2DB-3C1DFAB9AC72} Microsoft Corporation 2011-10-03 Windows Live Mesh [slovenian] 15.4.3502.0922 Unknown {5CF5B1A5-CBC3-42F0-8533-5A5090665862} Microsoft Corporation 2011-10-03 Windows Live Mesh [spanish (spain, international sort)] 15.4.3502.0922 Unknown {78DAE910-CA72-450E-AD22-772CB1A00678} Microsoft Corporation 2011-10-03 Windows Live Mesh [swedish] 15.4.3502.0922 Unknown {110668B7-54C6-47C9-BAC4-1CE77F156AF5} Microsoft Corporation 2011-10-03 Windows Live Mesh [thai] 15.4.3502.0922 Unknown {AB0B2113-5B96-4B95-8AD1-44613384911F} Microsoft Corporation 2011-10-03 Windows Live Mesh [turkish] 15.4.3502.0922 Unknown {71C95134-F6A9-45E7-B7B3-07CA6012BF2A} Microsoft Corporation 2011-10-03 Windows Live Mesh 15.4.3502.0922 Unknown {DECDCB7C-58CC-4865-91AF-627F9798FE48} Microsoft Corporation 2011-10-03 Windows Live Messenger [arabic] 15.4.3538.0513 Unknown {78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D} Microsoft Corporation 2011-10-03 Windows Live Messenger [bulgarian] 15.4.3538.0513 Unknown {F35DC85A-E96B-496B-ABE7-F04192824856} Microsoft Corporation 2011-10-03 Windows Live Messenger [catalan] 15.4.3538.0513 Unknown {820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE} Microsoft Corporation 2011-10-03 Windows Live Messenger [chinese (traditional, taiwan)] 15.4.3538.0513 Unknown {BAEE89D5-6E87-4F89-9603-A1C100479181} Microsoft Corporation 2011-10-03 Windows Live Messenger [croatian] 15.4.3538.0513 Unknown {F783464C-C7C6-4E9B-AC40-BC90E5414BAF} Microsoft Corporation 2011-10-03 Windows Live Messenger [czech] 15.4.3538.0513 Unknown {F2979AAA-FDD7-4CB3-93BC-5C24D965D679} Microsoft Corporation 2011-10-03 Windows Live Messenger [danish] 15.4.3538.0513 Unknown {4B744C85-DBB1-4038-B989-4721EB22C582} Microsoft Corporation 2011-10-03 Windows Live Messenger [dutch] 15.4.3538.0513 Unknown {48294D95-EE9A-4377-8213-44FC4265FB27} Microsoft Corporation 2011-10-03 Windows Live Messenger [english] 15.4.3538.0513 Unknown {2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Microsoft Corporation 2011-10-03 Windows Live Messenger [finnish] 15.4.3538.0513 Unknown {BFC47A0B-D487-4DF0-889E-D6D392DF31E0} Microsoft Corporation 2011-10-03 Windows Live Messenger [french] 15.4.3538.0513 Unknown {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} Microsoft Corporation 2011-10-03 Windows Live Messenger [german] 15.4.3538.0513 Unknown {1BA1DBDC-5431-46FD-A66F-A17EB1C439EE} Microsoft Corporation 2011-10-03 Windows Live Messenger [greek] 15.4.3538.0513 Unknown {B2E90616-C50D-4B89-A40D-92377AC669E5} Microsoft Corporation 2011-10-03 Windows Live Messenger [hebrew] 15.4.3538.0513 Unknown {C95A5A77-622F-45CA-9540-84468FCB18B1} Microsoft Corporation 2011-10-03 Windows Live Messenger [hungarian] 15.4.3538.0513 Unknown {A7056D45-C63A-4FE4-A69D-FB54EF9B21BB} Microsoft Corporation 2011-10-03 Windows Live Messenger [italian] 15.4.3538.0513 Unknown {6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305} Microsoft Corporation 2011-10-03 Windows Live Messenger [norwegian] 15.4.3538.0513 Unknown {FFFA0584-8E3D-4195-8283-CCA3AD73C746} Microsoft Corporation 2011-10-03 Windows Live Messenger [polish] 15.4.3538.0513 Unknown {E9AD2143-26D5-4201-BED1-19DCC03B407D} Microsoft Corporation 2011-10-03 Windows Live Messenger [portuguese (brazil)] 15.4.3538.0513 Unknown {C9E1343D-E21E-4508-A1BE-04A089EC137D} Microsoft Corporation 2011-10-03 Windows Live Messenger [portuguese (portugal)] 15.4.3538.0513 Unknown {062E4D94-8306-46D5-81B6-45E6AD09C799} Microsoft Corporation 2011-10-03 Windows Live Messenger [romanian] 15.4.3538.0513 Unknown {BD0C3887-64E6-41D8-9A38-BC6F34369352} Microsoft Corporation 2011-10-03 Windows Live Messenger [russian] 15.4.3538.0513 Unknown {CBFD061C-4B27-4A89-ADD8-210316EEFA11} ?????????? ?????????? 2011-10-03 Windows Live Messenger [slovak] 15.4.3538.0513 Unknown {A3389C72-1782-4BB4-BBAA-33345DE52E3F} Microsoft Corporation 2011-10-03 Windows Live Messenger [slovenian] 15.4.3538.0513 Unknown {2F54E453-8C93-4B3B-936A-233C909E6CAC} Microsoft Corporation 2011-10-03 Windows Live Messenger [spanish (spain, international sort)] 15.4.3538.0513 Unknown {8FF3891F-01B5-4A71-BFCD-20761890471C} Microsoft Corporation 2011-10-03 Windows Live Messenger [swedish] 15.4.3538.0513 Unknown {6A67578E-095B-4661-88F7-0B199CEC3371} Microsoft Corporation 2011-10-03 Windows Live Messenger [thai] 15.4.3538.0513 Unknown {542DA303-FB91-4731-9F37-6E518368D3B9} Microsoft Corporation 2011-10-03 Windows Live Messenger [turkish] 15.4.3538.0513 Unknown {443B561F-DE1B-4DEF-ADD9-484B684653C7} Microsoft Corporation 2011-10-03 Windows Live Messenger 15.4.3538.0513 Unknown {E5B21F11-6933-4E0B-A25C-7963E3C07D11} Microsoft Corporation 2011-10-03 Windows Live MIME IFilter 15.4.3502.0922 Unknown {DA54F80E-261C-41A2-A855-549A144F2F59} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [arabic] 15.4.3502.0922 Unknown {FF105207-8423-4E13-B0B1-50753170B245} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [bulgarian] 15.4.3502.0922 Unknown {7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [catalan] 15.4.3502.0922 Unknown {71527C7C-5289-4CB2-88C9-23344C0FF6C1} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {6CB36609-E3A6-446C-A3C1-C71E311D2B9C} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [croatian] 15.4.3502.0922 Unknown {FF737490-5A2D-4269-9D82-97DB2F7C0B09} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [czech] 15.4.3502.0922 Unknown {64B2D6B3-71AC-45A7-A6A1-2E07ABF58341} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [danish] 15.4.3502.0922 Unknown {DB1208F4-B2FE-44E9-BFE6-8824DBD7891B} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [dutch] 15.4.3502.0922 Unknown {CB7224D9-6DCA-43F1-8F83-6B1E39A00F92} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [english] 15.4.3502.0922 Unknown {19BA08F7-C728-469C-8A35-BFBD3633BE08} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [finnish] 15.4.3502.0922 Unknown {6EF2BE2C-3121-48B7-B7A6-C56046B3A588} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [french] 15.4.3502.0922 Unknown {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [german] 15.4.3502.0922 Unknown {E4E88B54-4777-4659-967A-2EED1E6AFD83} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [greek] 15.4.3502.0922 Unknown {BF022D76-9F72-4203-B8FA-6522DC66DFDA} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [hebrew] 15.4.3502.0922 Unknown {9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [hungarian] 15.4.3502.0922 Unknown {60C3C026-DB53-4DAB-8B97-7C1241F9A847} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [italian] 15.4.3502.0922 Unknown {FF3DFA01-1E98-46B4-A065-DA8AD47C9598} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [norwegian] 15.4.3502.0922 Unknown {CD442136-9115-4236-9C14-278F6A9DCB3F} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [polish] 15.4.3502.0922 Unknown {F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [portuguese (brazil)] 15.4.3502.0922 Unknown {A199DB88-E22D-4CE7-90AC-B8BE396D7BF4} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [portuguese (portugal)] 15.4.3502.0922 Unknown {DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [romanian] 15.4.3502.0922 Unknown {7AF8E500-B349-4A77-8265-9854E9A47925} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [russian] 15.4.3502.0922 Unknown {7465A996-0FCA-4D2D-A52C-F833B0829B5B} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [slovak] 15.4.3502.0922 Unknown {FB3D07AE-73D0-47A9-AC12-6F50BF8B6202} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [slovenian] 15.4.3502.0922 Unknown {A101F637-2E56-42C0-8E08-F1E9086BFAF3} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [spanish (spain, international sort)] 15.4.3502.0922 Unknown {5D273F60-0525-48BA-A5FB-D0CAA4A952AE} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [swedish] 15.4.3502.0922 Unknown {133D9D67-D475-4407-AC3C-D558087B2453} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [thai] 15.4.3502.0922 Unknown {DDC1E1BD-7615-4186-89E1-F5F43F9B6491} Microsoft Corporation 2011-10-03 Windows Live Movie Maker [turkish] 15.4.3502.0922 Unknown {640798A0-A4FB-4C52-AC72-755134767F1E} Microsoft Corporation 2011-10-03 Windows Live Movie Maker 15.4.3502.0922 Unknown {92EA4134-10D1-418A-91E1-5A0453131A38} Microsoft Corporation 2011-10-03 Windows Live Photo Common [arabic] 15.4.3502.0922 Unknown {4D83F339-5A5C-4B21-8FD3-5D407B981E72} Microsoft Corporation 2011-10-03 Windows Live Photo Common [bulgarian] 15.4.3502.0922 Unknown {BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E} Microsoft Corporation 2011-10-03 Windows Live Photo Common [catalan] 15.4.3502.0922 Unknown {F0F5D89A-197C-495B-827E-3E98B811CD2E} Microsoft Corporation 2011-10-03 Windows Live Photo Common [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {29373E24-AC72-424E-8F2A-FB0F9436F21F} Microsoft Corporation 2011-10-03 Windows Live Photo Common [croatian] 15.4.3502.0922 Unknown {073F306D-9851-4969-B828-7B6444D07D55} Microsoft Corporation 2011-10-03 Windows Live Photo Common [czech] 15.4.3502.0922 Unknown {78906B56-0E81-42A7-AC25-F54C946E1538} Microsoft Corporation 2011-10-03 Windows Live Photo Common [dutch] 15.4.3502.0922 Unknown {9BD262D0-B788-4546-A0A5-F4F56EC3834B} Microsoft Corporation 2011-10-03 Windows Live Photo Common [english] 15.4.3502.0922 Unknown {D436F577-1695-4D2F-8B44-AC76C99E0002} Microsoft Corporation 2011-10-03 Windows Live Photo Common [finnish] 15.4.3502.0922 Unknown {CD7CB1E6-267A-408F-877D-B532AD2C882E} Microsoft Corporation 2011-10-03 Windows Live Photo Common [french] 15.4.3502.0922 Unknown {C893D8C0-1BA0-4517-B11C-E89B65E72F70} Microsoft Corporation 2011-10-03 Windows Live Photo Common [german] 15.4.3502.0922 Unknown {C2AB7DC4-489E-4BE9-887A-52262FBADBE0} Microsoft Corporation 2011-10-03 Windows Live Photo Common [greek] 15.4.3502.0922 Unknown {ADFE4AED-7F8E-4658-8D6E-742B15B9F120} Microsoft Corporation 2011-10-03 Windows Live Photo Common [hebrew] 15.4.3502.0922 Unknown {B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D} Microsoft Corporation 2011-10-03 Windows Live Photo Common [hungarian] 15.4.3502.0922 Unknown {84267681-BF16-40B6-9564-27BC57D7D71C} Microsoft Corporation 2011-10-03 Windows Live Photo Common [italian] 15.4.3502.0922 Unknown {73FC3510-6421-40F7-9503-EDAE4D0CF70D} Microsoft Corporation 2011-10-03 Windows Live Photo Common [norwegian] 15.4.3502.0922 Unknown {7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F} Microsoft Corporation 2011-10-03 Windows Live Photo Common [polish] 15.4.3502.0922 Unknown {0654EA5D-308A-4196-882B-5C09744A5D81} Microsoft Corporation 2011-10-03 Windows Live Photo Common [portuguese (brazil)] 15.4.3502.0922 Unknown {B33B61FE-701F-425F-98AB-2B85725CBF68} Microsoft Corporation 2011-10-03 Windows Live Photo Common [portuguese (portugal)] 15.4.3502.0922 Unknown {370F888E-42A7-4911-9E34-7D74632E17EB} Microsoft Corporation 2011-10-03 Windows Live Photo Common [romanian] 15.4.3502.0922 Unknown {7D0DE76C-874E-4BDE-A204-F4240160693E} Microsoft Corporation 2011-10-03 Windows Live Photo Common [russian] 15.4.3502.0922 Unknown {168E7302-890A-4138-9109-A225ACAF7AD1} Microsoft Corporation 2011-10-03 Windows Live Photo Common [slovak] 15.4.3502.0922 Unknown {6F37D92B-41AA-44B7-80D2-457ABDE11896} Microsoft Corporation 2011-10-03 Windows Live Photo Common [slovenian] 15.4.3502.0922 Unknown {6B556C37-8919-4991-AC34-93D018B9EA49} Microsoft Corporation 2011-10-03 Windows Live Photo Common [spanish (spain, international sort)] 15.4.3502.0922 Unknown {A41A708E-3BE6-4561-855D-44027C1CF0F8} Microsoft Corporation 2011-10-03 Windows Live Photo Common [swedish] 15.4.3502.0922 Unknown {28B9D2D8-4304-483F-AD71-51890A063A74} Microsoft Corporation 2011-10-03 Windows Live Photo Common [thai] 15.4.3502.0922 Unknown {7C2A3479-A5A0-412B-B0E6-6D64CBB9B251} Microsoft Corporation 2011-10-03 Windows Live Photo Common [turkish] 15.4.3502.0922 Unknown {85373DA7-834E-4850-8AF5-1D99F7526857} Microsoft Corporation 2011-10-03 Windows Live Photo Common 15.4.3502.0922 Unknown {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [danish] 15.4.3502.0922 Unknown {429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [danish] 15.4.3502.0922 Unknown {CF671BFE-6BA3-44E7-98C1-500D9C51D947} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [dutch] 15.4.3502.0922 Unknown {A60B3BF0-954B-42AF-B8D8-2C1D34B613AA} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [english] 15.4.3502.0922 Unknown {34F4D9A4-42C2-4348-BEF4-E553C84549E7} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [swedish] 15.4.3502.0922 Unknown {885F1BCD-C344-4758-85BD-09640CF449A5} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery [thai] 15.4.3502.0922 Unknown {861B1145-7762-4794-B40C-3FF0A389DFE6} Microsoft Corporation 2011-10-03 Windows Live Photo Gallery 15.4.3502.0922 Unknown {3336F667-9049-4D46-98B6-4C743EEBC5B1} Microsoft Corporation 2011-10-03 Windows Live PIMT Platform 15.4.3508.1109 Unknown {83C292B7-38A5-440B-A731-07070E81A64F} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [arabic] 15.4.5722.2 Unknown {FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [bulgarian] 15.4.5722.2 Unknown {ED421F97-E1C3-4E78-9F54-A53888215D58} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [catalan] 15.4.5722.2 Unknown {702A632F-99CE-4E2D-B8F2-BF980E9CF62F} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [chinese (traditional, taiwan)] 15.4.5722.2 Unknown {825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [croatian] 15.4.5722.2 Unknown {B680A663-1A15-47A5-A07C-7DF9A97558B7} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [czech] 15.4.5722.2 Unknown {3921492E-82D2-4180-8124-E347AD2F2DB4} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [danish] 15.4.5722.2 Unknown {850B8072-2EA7-4EDC-B930-7FE569495E76} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [dutch] 15.4.5722.2 Unknown {C9F05151-95A9-4B9B-B534-1760E2D014A5} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [english] 15.4.5722.2 Unknown {847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [finnish] 15.4.5722.2 Unknown {2C1A6191-9804-4FDC-AB01-6F9183C91A13} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [french] 15.4.5722.2 Unknown {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [german] 15.4.5722.2 Unknown {D5876F0A-B2E9-4376-B9F5-CD47B7B8D820} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [greek] 15.4.5722.2 Unknown {DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [hebrew] 15.4.5722.2 Unknown {B0BF8602-EA52-4B0A-A2BD-EDABB0977030} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [hungarian] 15.4.5722.2 Unknown {2F304EF4-0C31-47F4-8557-0641AAE4197C} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [italian] 15.4.5722.2 Unknown {8970AE69-40BE-4058-9916-0ACB1B974A3D} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [norwegian] 15.4.5722.2 Unknown {A060182D-CDBE-4AD6-B9B4-860B435D6CBD} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [polish] 15.4.5722.2 Unknown {2426E29F-9E8C-4C0B-97FC-0DB690C1ED98} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [portuguese (brazil)] 15.4.5722.2 Unknown {CFF3C688-2198-4BC3-A399-598226949C39} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [portuguese (portugal)] 15.4.5722.2 Unknown {692CCE55-9EAE-4F57-A834-092882E7FE0B} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [romanian] 15.4.5722.2 Unknown {22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [russian] 15.4.5722.2 Unknown {C504EC13-E122-4939-BD6E-EE5A3BAA5FEC} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [slovak] 15.4.5722.2 Unknown {5F44A3A1-5D24-4708-8776-66B42B174C64} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [slovenian] 15.4.5722.2 Unknown {456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [spanish (spain, international sort)] 15.4.5722.2 Unknown {8EB588BD-D398-40D0-ADF7-BE1CEEF7C116} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [swedish] 15.4.5722.2 Unknown {4C2E49C0-9276-4324-841D-774CCCE5DB48} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [thai] 15.4.5722.2 Unknown {5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E} Microsoft Corporation 2011-10-03 Windows Live Remote Client Resources [turkish] 15.4.5722.2 Unknown {D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66} Microsoft Corporation 2011-10-03 Windows Live Remote Client 15.4.5722.2 Unknown {DF6D988A-EEA0-4277-AAB8-158E086E439B} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [arabic] 15.4.5722.2 Unknown {EFB20CF5-1A6D-41F3-8895-223346CE6291} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [bulgarian] 15.4.5722.2 Unknown {9E9C960F-7F47-46D5-A95D-950B354DE2B8} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [catalan] 15.4.5722.2 Unknown {1553D712-B35F-4A82-BC72-D6B11A94BE3E} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [chinese (traditional, taiwan)] 15.4.5722.2 Unknown {FAA3933C-6F0D-4350-B66B-9D7F7031343E} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [croatian] 15.4.5722.2 Unknown {97A295A7-8840-4B35-BB61-27A8F4512CA3} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [czech] 15.4.5722.2 Unknown {34384A2A-2CA2-4446-AB0E-1F360BA2AAC5} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [danish] 15.4.5722.2 Unknown {F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [dutch] 15.4.5722.2 Unknown {6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [english] 15.4.5722.2 Unknown {656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [finnish] 15.4.5722.2 Unknown {1685AE50-97ED-485B-80F6-145071EE14B0} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [french] 15.4.5722.2 Unknown {5E2CD4FB-4538-4831-8176-05D653C3E6D4} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [german] 15.4.5722.2 Unknown {D930AF5C-5193-4616-887D-B974CEFC4970} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [greek] 15.4.5722.2 Unknown {19F09425-3C20-4730-9E2A-FC2E17C9F362} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [hebrew] 15.4.5722.2 Unknown {0919C44F-F18A-4E3B-A737-03685272CE72} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [hungarian] 15.4.5722.2 Unknown {5151E2DB-0748-4FD1-86A2-72E2F94F8BE7} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [italian] 15.4.5722.2 Unknown {5FEAD3E5-A158-4B66-B92B-0C959D7CF838} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [norwegian] 15.4.5722.2 Unknown {7AEC844D-448A-455E-A34E-E1032196BBCD} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [polish] 15.4.5722.2 Unknown {480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [portuguese (brazil)] 15.4.5722.2 Unknown {A508D5A2-3AC1-4594-A718-A663D6D3CF11} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [portuguese (portugal)] 15.4.5722.2 Unknown {1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [romanian] 15.4.5722.2 Unknown {61407251-7F7D-4303-810D-226A04D5CFF3} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [russian] 15.4.5722.2 Unknown {17A4FD95-A507-43F1-BC92-D8572AF8340A} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [slovak] 15.4.5722.2 Unknown {5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [slovenian] 15.4.5722.2 Unknown {D3E4F422-7E0F-49C7-8B00-F42490D7A385} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [spanish (spain, international sort)] 15.4.5722.2 Unknown {A679FBE4-BA2D-4514-8834-030982C8B31A} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [swedish] 15.4.5722.2 Unknown {57F2BD1C-14A3-4785-8E48-2075B96EB2DF} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [thai] 15.4.5722.2 Unknown {350FD0E7-175A-4F86-84EF-05B77FCD7161} Microsoft Corporation 2011-10-03 Windows Live Remote Service Resources [turkish] 15.4.5722.2 Unknown {6C9D3F1D-DBBE-46F9-96A0-726CC72935AF} Microsoft Corporation 2011-10-03 Windows Live Remote Service 15.4.5722.2 Unknown {E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Microsoft Corporation 2011-10-03 Windows Live SOXE Definitions 15.4.3502.0922 Unknown {200FEC62-3C34-4D60-9CE8-EC372E01C08F} Microsoft Corporation 2011-10-03 Windows Live SOXE 15.4.3502.0922 Unknown {682B3E4F-696A-42DE-A41C-4C07EA1678B4} Microsoft Corporation 2011-10-03 Windows Live Temel Parçalar [turkish] 15.4.3502.0922 Unknown {1203DC60-D9BD-44F9-B372-2B8F227E6094} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [arabic] 15.4.3508.1109 Unknown {128133D3-037A-4C62-B1B7-55666A10587A} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [bulgarian] 15.4.3508.1109 Unknown {4C378B16-46B7-4DA1-A2CE-2EE676F74680} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [catalan] 15.4.3508.1109 Unknown {5495E9A4-501A-4D4C-87C9-E80916CA9478} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [chinese (traditional, taiwan)] 15.4.3508.1109 Unknown {D299197D-CDEA-41A6-A363-F532DE4114FD} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [croatian] 15.4.3508.1109 Unknown {EA777812-4905-4C08-8F6E-13BDCC734609} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [czech] 15.4.3508.1109 Unknown {1DA6D447-C54D-4833-84D4-3EA31CAECE9B} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [danish] 15.4.3508.1109 Unknown {E5DD4723-FE0B-436E-A815-DC23CF902A0B} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [dutch] 15.4.3508.1109 Unknown {D6F25CF9-4E87-43EB-B324-C12BE9CDD668} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [english] 15.4.3508.1109 Unknown {579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [finnish] 15.4.3508.1109 Unknown {8CF5D47D-27B7-49D6-A14F-10550B92749D} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [french] 15.4.3508.1109 Unknown {05E379CC-F626-4E7D-8354-463865B303BF} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [german] 15.4.3508.1109 Unknown {37B33B16-2535-49E7-8990-32668708A0A3} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [greek] 15.4.3508.1109 Unknown {74E8A7F6-575D-42C7-9178-E87D1B3BEFE8} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [hebrew] 15.4.3508.1109 Unknown {2C4E06CC-1F04-4C25-8B3C-93A9049EC42C} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [hungarian] 15.4.3508.1109 Unknown {09922FFE-D153-44AE-8B60-EA3CB8088F93} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [italian] 15.4.3508.1109 Unknown {40BFD84C-64CD-42CC-9909-8734C50429C6} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [norwegian] 15.4.3508.1109 Unknown {24DF33E0-F924-4D0D-9B96-11F28F0D602D} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [polish] 15.4.3508.1109 Unknown {0C1931EB-8339-4837-8BEC-75029BF42734} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [portuguese (brazil)] 15.4.3508.1109 Unknown {DF71ABBB-B834-41C0-BB58-80B0545D754C} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [portuguese (portugal)] 15.4.3508.1109 Unknown {506FC723-8E6C-4417-9CFF-351F99130425} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [romanian] 15.4.3508.1109 Unknown {F4BEA6C1-AAC3-4810-AAEA-588E26E0F237} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [russian] 15.4.3508.1109 Unknown {6A4ABCDC-0A49-4132-944E-01FBCCB3465C} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [slovak] 15.4.3508.1109 Unknown {5E627606-53B9-42D1-97E1-D03F6229E248} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [slovenian] 15.4.3508.1109 Unknown {4D141929-141B-4605-95D6-2B8650C1C6DA} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [spanish (spain, international sort)] 15.4.3508.1109 Unknown {77477AEA-5757-47D8-8B33-939F43D82218} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [swedish] 15.4.3508.1109 Unknown {220C7F8C-929D-4F71-9DC7-F7A6823B38E4} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [thai] 15.4.3508.1109 Unknown {7327080F-6673-421F-BBD9-B618F357EEB3} Microsoft Corporation 2011-10-03 Windows Live UX Platform Language Pack [turkish] 15.4.3508.1109 Unknown {523DF2BB-3A85-4047-9898-29DC8AEB7E69} Microsoft Corporation 2011-10-03 Windows Live UX Platform 15.4.3502.0922 Unknown {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Microsoft Corporation 2011-10-03 Windows Live Writer [arabic] 15.4.3502.0922 Unknown {1A82AE99-84D3-486D-BAD6-675982603E14} Microsoft Corporation 2011-10-03 Windows Live Writer [bulgarian] 15.4.3502.0922 Unknown {C1C9D199-B4DD-4895-92DD-9A726A2FE341} Microsoft Corporation 2011-10-03 Windows Live Writer [catalan] 15.4.3502.0922 Unknown {0557BBDA-69D3-4FA4-A93C-A5300F7034B4} Microsoft Corporation 2011-10-03 Windows Live Writer [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {E62E0550-C098-43A2-B54B-03FB1E634483} Microsoft Corporation 2011-10-03 Windows Live Writer [croatian] 15.4.3502.0922 Unknown {69C9C672-400A-43A0-B2DE-9DB38C371282} Microsoft Corporation 2011-10-03 Windows Live Writer [czech] 15.4.3502.0922 Unknown {4264C020-850B-4F08-ACBE-98205D9C336C} Microsoft Corporation 2011-10-03 Windows Live Writer [danish] 15.4.3502.0922 Unknown {E8524B28-3BBB-4763-AC83-0E83FE31C350} Microsoft Corporation 2011-10-03 Windows Live Writer [dutch] 15.4.3502.0922 Unknown {7E017923-16F8-4E32-94EF-0A150BD196FE} Microsoft Corporation 2011-10-03 Windows Live Writer [english] 15.4.3502.0922 Unknown {AAF454FC-82CA-4F29-AB31-6A109485E76E} Microsoft Corporation 2011-10-03 Windows Live Writer [finnish] 15.4.3502.0922 Unknown {DA29F644-2420-4448-8128-1331BE588999} Microsoft Corporation 2011-10-03 Windows Live Writer [french] 15.4.3502.0922 Unknown {3B9A92DA-6374-4872-B646-253F18624D5F} Microsoft Corporation 2011-10-03 Windows Live Writer [german] 15.4.3502.0922 Unknown {859D4022-B76D-40DE-96EF-C90CDA263F44} Microsoft Corporation 2011-10-03 Windows Live Writer [greek] 15.4.3502.0922 Unknown {4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F} Microsoft Corporation 2011-10-03 Windows Live Writer [hebrew] 15.4.3502.0922 Unknown {804DE397-F82C-4867-9085-E0AA539A3294} Microsoft Corporation 2011-10-03 Windows Live Writer [hungarian] 15.4.3502.0922 Unknown {1FC83EAE-74C8-4C72-8400-2D8E40A017DE} Microsoft Corporation 2011-10-03 Windows Live Writer [italian] 15.4.3502.0922 Unknown {DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501} Microsoft Corporation 2011-10-03 Windows Live Writer [norwegian] 15.4.3502.0922 Unknown {25CD4B12-8CC5-433E-B723-C9CB41FA8C5A} Microsoft Corporation 2011-10-03 Windows Live Writer [polish] 15.4.3502.0922 Unknown {E55E0C35-AC3C-4683-BA2F-834348577B80} Microsoft Corporation 2011-10-03 Windows Live Writer [portuguese (brazil)] 15.4.3502.0922 Unknown {B3BE54A4-8DFE-4593-8E66-56AB7133B812} Microsoft Corporation 2011-10-03 Windows Live Writer [portuguese (portugal)] 15.4.3502.0922 Unknown {198EA334-8A3F-4CB2-9D61-6C10B8168A6F} Microsoft Corporation 2011-10-03 Windows Live Writer [romanian] 15.4.3502.0922 Unknown {2BA5FD10-653F-4CAF-9CCD-F685082A1DC1} Microsoft Corporation 2011-10-03 Windows Live Writer [russian] 15.4.3502.0922 Unknown {CDC39BF2-9697-4959-B893-A2EE05EF6ACB} Microsoft Corporation 2011-10-03 Windows Live Writer [slovak] 15.4.3502.0922 Unknown {11778DA1-0495-4ED9-972F-F9E0B0367CD5} Microsoft Corporation 2011-10-03 Windows Live Writer [slovenian] 15.4.3502.0922 Unknown {1D6C2068-807F-4B76-A0C2-62ED05656593} Microsoft Corporation 2011-10-03 Windows Live Writer [spanish (spain, international sort)] 15.4.3502.0922 Unknown {48C0DC5E-820A-44F2-890E-29B68EDD3C78} Microsoft Corporation 2011-10-03 Windows Live Writer [swedish] 15.4.3502.0922 Unknown {DCAB6BA7-6533-44BF-9235-E5BF33B7431C} Microsoft Corporation 2011-10-03 Windows Live Writer [thai] 15.4.3502.0922 Unknown {5DA7D148-D2D2-4C67-8444-2F0F9BD88A06} Microsoft Corporation 2011-10-03 Windows Live Writer [turkish] 15.4.3502.0922 Unknown {71A81378-79D5-40CC-9BDC-380642D1A87F} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [arabic] 15.4.3502.0922 Unknown {F52C5BE7-3F57-464E-8A54-908402E43CE8} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [bulgarian] 15.4.3502.0922 Unknown {458F399F-62AC-4747-99F5-499BBF073D29} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [catalan] 15.4.3502.0922 Unknown {7D926AD2-16D6-42C2-8CA1-AB09E96040BA} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [chinese (traditional, taiwan)] 15.4.3502.0922 Unknown {6807427D-8D68-4D30-AF5B-0B38F8F948C8} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [croatian] 15.4.3502.0922 Unknown {B7B67AA5-12DA-4F01-918D-B1BF66779D8A} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [czech] 15.4.3502.0922 Unknown {AB78C965-5C67-409B-8433-D7B5BDB12073} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [danish] 15.4.3502.0922 Unknown {E9D98402-21AB-4E9F-BF6B-47AF36EF7E97} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [dutch] 15.4.3502.0922 Unknown {14B441B7-774D-4170-98EA-A13667AE6218} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [english] 15.4.3502.0922 Unknown {DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [finnish] 15.4.3502.0922 Unknown {734104DE-C2BF-412F-BB97-FCCE1EC94229} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [french] 15.4.3502.0922 Unknown {62687B11-58B5-4A18-9BC3-9DF4CE03F194} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [german] 15.4.3502.0922 Unknown {1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [greek] 15.4.3502.0922 Unknown {C29FC15D-E84B-4EEC-8505-4DED94414C59} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [hebrew] 15.4.3502.0922 Unknown {2511AAD7-82DF-4B97-B0B3-E1B933317010} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [hungarian] 15.4.3502.0922 Unknown {5275D81E-83AD-4DE4-BC2B-6E6BA3A33244} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [italian] 15.4.3502.0922 Unknown {93E464B3-D075-4989-87FD-A828B5C308B1} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [norwegian] 15.4.3502.0922 Unknown {2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [polish] 15.4.3502.0922 Unknown {26E3C07C-7FF7-4362-9E99-9E49E383CF16} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [portuguese (brazil)] 15.4.3502.0922 Unknown {4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [portuguese (portugal)] 15.4.3502.0922 Unknown {DE8F99FD-2FC7-4C98-AA67-2729FDE1F040} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [romanian] 15.4.3502.0922 Unknown {5D2E7BD7-4B6F-4086-BA8A-E88484750624} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [russian] 15.4.3502.0922 Unknown {7FF11E53-C002-4F40-8D68-6BE751E5DD62} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [slovak] 15.4.3502.0922 Unknown {7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [slovenian] 15.4.3502.0922 Unknown {7E90B133-FF47-48BB-91B8-36FC5A548FE9} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [spanish (spain, international sort)] 15.4.3502.0922 Unknown {E727A662-AF9F-4DEE-81C5-F4A1686F3DFC} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [swedish] 15.4.3502.0922 Unknown {69CAC24D-B1DC-4B97-A1BE-FE21843108FE} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [thai] 15.4.3502.0922 Unknown {D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE} Microsoft Corporation 2011-10-03 Windows Live Writer Resources [turkish] 15.4.3502.0922 Unknown {3125D9DE-8D7A-4987-95F3-8A42389833D8} Microsoft Corporation 2011-10-03 Windows Live Writer 15.4.3502.0922 Unknown {A726AE06-AAA3-43D1-87E3-70F510314F04} Microsoft Corporation 2011-10-03 Windows Live Writer 15.4.3502.0922 Unknown {AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Microsoft Corporation 2011-10-03 Windows Liven asennustyökalu [finnish] 15.4.3502.0922 Unknown {8909CFA8-97BF-4077-AC0F-6925243FFE08} Microsoft Corporation 2011-10-03 Windows Liven sähköposti [finnish] 15.4.3502.0922 Unknown {0C975FCC-A06E-4CB6-8F54-A9B52CF37781} Microsoft Corporation 2011-10-03 Windows Liven valokuvavalikoima [finnish] 15.4.3502.0922 Unknown {1A72337E-D126-4BAF-AC89-E6122DB71866} Microsoft Corporation 2011-10-03 Windows Media Player Firefox Plugin 1.0.0.8 Unknown {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Microsoft Corp 2012-11-29 WinRAR 4.20 (32-bit) 4.20.0 Unknown WinRAR archiver win.rar GmbH Zuma Deluxe 2.2.0.95 Unknown WTA-3641f0f3-8a99-45a3-9b40-59cf6838b2e6 WildTangent --------[ Licenses ]---------------------------------------------------------------------------------------------------- Ahead Nero 2M0M-K0CC-7353-1KE3-A3CL-HP88-AW2X-T02E-412P-6Z4U-5L66-X9C5-2W2Z-0L09-M69L-5U07-K5L1-45XH-3T47-0P2E-272W-605L-4Z8Z-334U-0P79-A104 Microsoft Internet Explorer 9.0.8112.16421 VQB3X-Q3KP8-WJ2H8-R6B6D-7QJB7 Microsoft Office Ultimate 2007 J67F8-BB7GM-8VPH2-8YMXP-K49QQ Microsoft Windows 7 Home Premium VQB3X-Q3KP8-WJ2H8-R6B6D-7QJB7 --------[ File Types ]-------------------------------------------------------------------------------------------------- 386 Virtual Device Driver 3G2 3GPP2 Audio/Video video/3gpp2 3GP 3GPP Audio/Video video/3gpp 3GP2 3GPP2 Audio/Video video/3gpp2 3GPP 3GPP Audio/Video video/3gpp 669 Composer 669 Module 7Z WinRAR archive AA Audible Audiobooks AC3 AC3 Audio ACCDA Microsoft Office Access Add-in application/msaccess ACCDB Microsoft Office Access 2007 Database application/msaccess ACCDC Microsoft Office Access Signed Package application/msaccess ACCDE Microsoft Office Access ACCDE Database application/msaccess ACCDR Microsoft Office Access Runtime Application application/msaccess ACCDT Microsoft Office Access Template application/msaccess ACCDU Microsoft Office Access Add-in Data ACCDW ACCDW File ACE WinRAR archive ACL AutoCorrect List File ACROBATSECURITYSETTINGS Adobe Acrobat Security Settings Document application/vnd.adobe.acrobat-security-settings ADE Microsoft Office Access Project Extension application/msaccess ADN Microsoft Office Access Blank Project Template ADP Microsoft Office Access Project application/msaccess ADT ADTS Audio audio/vnd.dlna.adts ADTS ADTS Audio audio/vnd.dlna.adts AGATHACHRISTIEDEATHNILESAVEDGAME AGATHACHRISTIEDEATHNILESAVEDGAME File AIF AIFF Format Sound audio/aiff AIFC AIFF Format Sound audio/aiff AIFF AIFF Format Sound audio/aiff AMF DSMI AMF Module AMR AMR Narrow-Band Content ANI Animated Cursor API API File APPLICATION Application Manifest application/x-ms-application APPREF-MS Application Reference ARJ WinRAR archive ASA ASA File ASF Windows Media Audio/Video file video/x-ms-asf ASP ASP File ASX Windows Media Audio/Video playlist video/x-ms-asf AU AU Format Sound audio/basic AVI Video Clip video/avi AVR Audio Visual Research File AVS AVISynth AW Answer Wizard File AWB AMR Wide-Band Content B4S Winamp playlist file BAT Windows Batch File BEJEWELED2DELUXESAVEDGAME BEJEWELED2DELUXESAVEDGAME File BIOEXCESS MyWinLocker Protected File BLG Performance Monitor File BLOGTHIS Windows Live Writer BlogThis data file application/x-blogthis BMP Windows Bitmap Image image/bmp BMPENX MyWinLocker Protected File BSF AVC Blu-ray Disc video BUP Backup File of the IFO BZ WinRAR archive BZ2 WinRAR archive C2R C2R File CAB WinRAR archive CAF Apple Core Audio Format CAMP WCS Viewing Condition Profile CAT Security Catalog application/vnd.ms-pki.seccat CDC Nero CD Cover Document CDMP WCS Device Profile CDX CDX File CER Security Certificate application/x-x509-ca-cert CHESSTITANSSAVE-MS .ChessTitansSave-ms CHK Recovered File Fragments CHM Compiled HTML Help file CHUZZLEDELUXESAVEDGAME CHUZZLEDELUXESAVEDGAME File CLSJ CLSJ File CMD Windows Command Script COM MS-DOS Application COMFYCAKESSAVE-MS .ComfyCakesSave-ms COMPOSITEFONT Composite Font File CONTACT Contact File text/x-ms-contact CPL Control Panel Item CRAZYCHICKENKART2SAVEDGAME CRAZYCHICKENKART2SAVEDGAME File CRD Information Card CRDS Information Card Store CRL Certificate Revocation List application/pkix-crl CRT Security Certificate application/x-x509-ca-cert CRTX Microsoft Office Chart Template CSS Cascading Style Sheet Document text/css CSV Microsoft Office Excel Comma Separated Values File application/vnd.ms-excel CSVENX MyWinLocker Protected File CUE Image Files CUR Cursor CUT Dr. Halo Image DAT Video CD Movie DB Data Base File DDS DirectDraw Surface Image DER Security Certificate application/x-x509-ca-cert DESKLINK Desktop Shortcut DET Office Data File DIAGCAB Diagnostic Cabinet DIAGCFG Diagnostic Configuration DIAGPKG Diagnostic Document DIB Device Independent Bitmap image/bmp DIC Text Document DIVX DivX Video ICM.DIV6 DLL Application Extension application/x-msdownload DOC Microsoft Office Word 97 - 2003 Document application/msword DOCENX MyWinLocker Protected File DOCHTML Microsoft Word HTML Document DOCM Microsoft Office Word Macro-Enabled Document application/vnd.ms-word.document.macroEnabled.12 DOCMENX MyWinLocker Protected File DOCMHTML DOCMHTML File DOCX Microsoft Office Word Document application/vnd.openxmlformats-officedocument.wordprocessingml.document DOCXENX MyWinLocker Protected File DOCXML Microsoft Word XML Document DOT Microsoft Office Word 97 - 2003 Template application/msword DOTHTML Microsoft Word HTML Template DOTM Microsoft Office Word Macro-Enabled Template application/vnd.ms-word.template.macroEnabled.12 DOTX Microsoft Office Word Template application/vnd.openxmlformats-officedocument.wordprocessingml.template DQY Microsoft Office Excel ODBC Query files DRV Device Driver DSN Microsoft OLE DB Provider for ODBC Drivers DV Digital Video Movie DVR Microsoft Recorded TV Show DVR-MS Windows Movie DWFX XPS Document model/vnd.dwfx+xps EASMX XPS Document model/vnd.easmx+xps EDRWX XPS Document model/vnd.edrwx+xps EGISENC MyWinLocker Protected File EGISENX MyWinLocker Protected File ELM Microsoft Office Themes File EMF EMF File EML Windows Live Mail Mail Message message/rfc822 EMPTYBINARYREGISTRY URL:OneNote Protocol ENC MyWinLocker Protected File ENX MyWinLocker Protected File EPF Exchange Certificate File EPRTX XPS Document model/vnd.eprtx+xps ESOBI eSobi application/x-esobi EVR Qualcomm Enhanced Variable Rate audio/evrc-qcp EVRC Qualcomm Enhanced Variable Rate audio/evrc-qcp EVT EVT File EVTX EVTX File EXC Text Document EXE Application application/x-msdownload FAD Office Data File FAR Farandole Composer Module FATESAVEDGAME FATESAVEDGAME File FDF Adobe Acrobat Forms Document application/vnd.fdf FDM Microsoft Office Outlook Form Definition FINALDRIVENITROSAVEDGAME FINALDRIVENITROSAVEDGAME File FLAC Free Losless Audio Codec FLV Flash Video video/x-flv FON Font file FREECELLSAVE-MS .FreeCellSave-ms GADGET Windows Gadget GCSX Microsoft Office SmartArt Graphic Color Variation GFS Microsoft Office Groove Remote File GIF Graphics Interchange Format Image image/gif GIFENX MyWinLocker Protected File GLK Microsoft Office Groove Shortcut GLOX Microsoft Office SmartArt Graphic Layout GMMP WCS Gamut Mapping Profile GQSX Microsoft Office SmartArt Graphic Quick Style GRA Microsoft Graph Chart GROUP Contact Group File text/x-ms-group GRP Microsoft Program Group GRV Microsoft Office Groove File application/vnd.groove-injector GSA Microsoft Office Groove Space Archive GTA Microsoft Office Groove Tool Archive GZ WinRAR archive H1C Windows Help Collection Definition File H1D Windows Help Validator File H1F Windows Help Include File H1H Windows Help Merged Hierarchy H1K Windows Help Index File H1Q Windows Help Merged Query Index H1S Compiled Windows Help file H1T Windows Help Table of Contents File H1V Windows Help Virtual Topic Definition File H1W Windows Help Merged Keyword Index HEARTSSAVE-MS .HeartsSave-ms HLP Help File HOL Microsoft Office Outlook Holidays HTA HTML Application application/hta HTK Hidden Markov Model Toolkit Speech Recognition File HTM HTML Document text/html HTMENX MyWinLocker Protected File HTML HTML Document text/html HTMLENX MyWinLocker Protected File HXA Microsoft Help Attribute Definition File application/xml HXC Microsoft Help Collection Definition File application/xml HXD Microsoft Help Validator File application/octet-stream HXE Microsoft Help Samples Definition File application/xml HXF Microsoft Help Include File application/xml HXH Microsoft Help Merged Hierarchy File application/octet-stream HXI Microsoft Help Compiled Index File application/octet-stream HXK Microsoft Help Index File application/xml HXQ Microsoft Help Merged Query Index File application/octet-stream HXR Microsoft Help Merged Attribute Index File application/octet-stream HXS Microsoft Help Compiled Storage File application/octet-stream HXT Microsoft Help Table of Contents File application/xml HXV Microsoft Help Virtual Topic Definition File application/xml HXW Microsoft Help Attribute Definition File application/octet-stream IBC InterConnect Bizcard File ICC ICC Profile ICL Icon Library ICM ICC Profile ICO Icon File image/x-icon ICS iCalendar File IFF Amiga Paint Image IFO DVD Movie Info IMG Image Files INF Setup Information INFOPATHXML Microsoft Office InfoPath Form application/ms-infopath.xml INI Configuration Settings INSANIQUARIUMDELUXESAVEDGAME INSANIQUARIUMDELUXESAVEDGAME File IQY Microsoft Office Excel Web Query File text/x-ms-iqy ISO Image Files IT Impulsetracker Module ITZ Impulsetracker Compressed Module IVR Internet Video Recording JAR Executable Jar File JEWELMATCH3SAVEDGAME JEWELMATCH3SAVEDGAME File JEWELQUESTSOLITAIRESAVEDGAME JEWELQUESTSOLITAIRESAVEDGAME File JFIF JPEG File Interchange Format image/jpeg JIF JPEG File Interchange Format JNG JPEG Network Graphics Image JNLP JNLP File application/x-java-jnlp-file JNT Journal Document JOB Task Scheduler Task Object JOD Microsoft.Jet.OLEDB.4.0 JOHNDEEREDRIVEGREENSAVEDGAME JOHNDEEREDRIVEGREENSAVEDGAME File JPE JPEG Image image/jpeg JPEG JPEG Image image/jpeg JPEGENX MyWinLocker Protected File JPG JPEG Image image/jpeg JPGENX MyWinLocker Protected File JS JScript Script File JSE JScript Encoded File JTP Journal Template JTX XPS Document application/x-jtx+xps KAR Karaoke MIDI File KOA Koala Paint Image LABEL Property List LACCDB Microsoft Office Access Record-Locking Information LBM Amiga Paint Image LDB Microsoft Office Access Record-Locking Information LEX Dictionary File LHA WinRAR archive LIBRARY-MS Library Folder application/windows-library+xml LJP Lossless JPEG LNK Shortcut LOG Text Document LZH WinRAR archive M1V Movie Clip video/mpeg M2P MPEG-2 Program Stream Format video/mpeg M2T MPEG Movie video/vnd.dlna.mpeg-tts M2TS MPEG-2 Transport stream video/vnd.dlna.mpeg-tts M2V Movie Clip video/mpeg M3U M3U file audio/x-mpegurl M3U8 Winamp playlist file M4V MP4 Video video/mp4 MAD Microsoft Office Access Module Shortcut MAF Microsoft Office Access Form Shortcut MAG Microsoft Office Access Diagram Shortcut MAHJONGTITANSSAVE-MS .MahjongTitansSave-ms MAM Microsoft Office Access Macro Shortcut MAPIMAIL Mail Service MAQ Microsoft Office Access Query Shortcut MAR Microsoft Office Access Report Shortcut MAS Microsoft Office Access Stored Procedure Shortcut MAT Microsoft Office Access Table Shortcut MAU MAU File MAV Microsoft Office Access View Shortcut MAW Microsoft Office Access Data Access Page Shortcut MCL MCL File MDA Microsoft Office Access Add-in application/msaccess MDB Microsoft Office Access Database application/msaccess MDBHTML Microsoft Office Access HTML Document MDE Microsoft Office Access MDE Database application/msaccess MDN Microsoft Office Access Blank Database Template MDT Microsoft Office Access Add-in Data MDW Microsoft Office Access Workgroup Information MDZ Protracker Compressed Module MFP Macromedia Flash Paper application/x-shockwave-flash MGC Media Catalog File MHT MHTML Document message/rfc822 MHTENX MyWinLocker Protected File MHTML MHTML Document message/rfc822 MHTMLENX MyWinLocker Protected File MID MIDI Sequence audio/mid MIDI MIDI Sequence audio/mid MIG Migration Store MINESWEEPERSAVE-MS .MinesweeperSave-ms MIZ Compressed MIDI File MKV Matroska Video Stream video/x-matroska MLC Language Pack File_ MML Media Catalog File MMV MicroMV Movie MMW Media Catalog File MNG Multiple Network Graphics Image MOD Hard Disk Camera Movie video/mpeg MP2V Movie Clip video/mpeg MP3 MP3 Format Sound audio/mpeg MP4 MP4 Video video/mp4 MP4V MP4 Video video/mp4 MPE Movie Clip video/mpeg MPEG Movie Clip video/mpeg MPF Clip Organizer Media Package File application/vnd.ms-mediapackage MPG Movie Clip video/mpeg MPV2 Movie Clip video/mpeg MSC Microsoft Common Console Document MSDVD MSDVD File MSE MSE File MSG Outlook Item MSI Windows Installer Package MSP Windows Installer Patch MSRCINCIDENT Windows Remote Assistance Invitation MSSTYLES Windows Visual Style File MSU Microsoft Update Standalone Package MTM Multitracker Module MTS AVCHD Video video/vnd.dlna.mpeg-tts MYDOCS MyDocs Drop Target MYSTERYOFMORTLAKEMANSIONSAVEDGAME MYSTERYOFMORTLAKEMANSIONSAVEDGAME File NCD Nero CD Cover Document NCT NCT File NCW NCW File NFO MSInfo Configuration File NHF HFS CD Compilation NHV HD-BURN-Video Compilation NICK Office Data File NK2 Office Data File NMD miniDVD Compilation NR3 CD-ROM (MP3) Compilation NR4 CD-ROM (AAC) Compilation NRA Audio CD Compilation NRB CD-ROM (Boot) Compilation NRC CD-ROM (UDF/ISO) Compilation NRD DVD-Video Compilation NRE CD EXTRA Compilation NRG Disc Image NRH CD-ROM (Hybrid) Compilation NRI CD-ROM (ISO) Compilation NRM Mixed Mode CD Compilation NRS CD-ROM (EFI Boot) Compilation NRU CD-ROM (UDF) Compilation NRV Video CD Compilation NRW CD-ROM (WMA) Compilation NSA Nullsoft Streaming Audio File NSD Super Video CD Compilation NST NoiseTracker Module Module NSV Nullsoft Streaming Video File NVC Nero Vision Document(nvc) NWS Windows Live Mail News Message message/rfc822 OCX ActiveX control ODC Microsoft Office Data Connection text/x-ms-odc ODCCUBEFILE ODCCUBEFILE File ODCDATABASEFILE ODCDATABASEFILE File ODCNEWFILE ODCNEWFILE File ODCTABLEFILE ODCTABLEFILE File ODP OpenDocument Presentation application/vnd.oasis.opendocument.presentation ODS OpenDocument Spreadsheet application/vnd.oasis.opendocument.spreadsheet ODT OpenDocument Text application/vnd.oasis.opendocument.text OFS OFS File OFT Outlook Item Template OGG OGG Vorbis audio video/ogg OGM OGG Media Stream video/ogm OKT Amiga Oktalyzer Module OLS Microsoft Office List Shortcut application/vnd.ms-publisher ONE Microsoft Office OneNote Section application/msonenote ONEPKG Microsoft Office OneNote Single File Package application/msonenote ONETOC Microsoft Office OneNote 2003 Table Of Contents ONETOC2 Microsoft Office OneNote Table Of Contents OPC Microsoft Clean-up Wizard File OQY Microsoft Office Excel OLAP Query File OSDX OpenSearch Description File application/opensearchdescription+xml OST Microsoft Office Outlook Offline Folders OTF OpenType Font file OTM Outlook VBA Project File P10 Certificate Request application/pkcs10 P12 Personal Information Exchange application/x-pkcs12 P7B PKCS #7 Certificates application/x-pkcs7-certificates P7C Digital ID File application/pkcs7-mime P7M PKCS #7 MIME Message application/pkcs7-mime P7R Certificate Request Response application/x-pkcs7-certreqresp P7S PKCS #7 Signature application/pkcs7-signature PAB Office Data File PAF Paris Audio File PARTIAL Partial Download PBK Dial-Up Phonebook PBM Portable Bitmap PCB PCB File PCD PhotoCD Image PCX Paintbrush Image PDF Adobe Acrobat Document application/pdf PDFENX MyWinLocker Protected File PDFXML Adobe Acrobat PDFXML Document application/vnd.adobe.pdfxml PDX Acrobat Catalog Index application/vnd.adobe.pdx PENGUINSSAVEDGAME PENGUINSSAVEDGAME File PERFMONCFG Performance Monitor Configuration PFM Type 1 Font file PFX Personal Information Exchange application/x-pkcs12 PIF Shortcut to MS-DOS Program PIP Microsoft Office Settings File PKO Public Key Security Object application/vnd.ms-pki.pko PLANTSVSZOMBIESSAVEDGAME PLANTSVSZOMBIESSAVEDGAME File PNF Precompiled Setup Information PNG Portable Network Graphics Image image/png POLARBOWLERSAVEDGAME POLARBOWLERSAVEDGAME File POT Microsoft Office PowerPoint 97-2003 Template application/vnd.ms-powerpoint POTHTML Microsoft Office PowerPoint HTML Template POTM Microsoft Office PowerPoint Macro-Enabled Design Template application/vnd.ms-powerpoint.template.macroEnabled.12 POTX Microsoft Office PowerPoint Template application/vnd.openxmlformats-officedocument.presentationml.template PPA Microsoft Office PowerPoint 97-2003 Addin application/vnd.ms-powerpoint PPAM Microsoft Office PowerPoint Addin application/vnd.ms-powerpoint.addin.macroEnabled.12 PPM Portable Pixelmap Graphics PPS Microsoft Office PowerPoint 97-2003 Slide Show application/vnd.ms-powerpoint PPSENX MyWinLocker Protected File PPSM Microsoft Office PowerPoint Macro-Enabled Slide Show application/vnd.ms-powerpoint.slideshow.macroEnabled.12 PPSMENX MyWinLocker Protected File PPSX Microsoft Office PowerPoint Slide Show application/vnd.openxmlformats-officedocument.presentationml.slideshow PPSXENX MyWinLocker Protected File PPT Microsoft Office PowerPoint 97-2003 Presentation application/vnd.ms-powerpoint PPTENX MyWinLocker Protected File PPTHTML Microsoft Office PowerPoint HTML Document PPTM Microsoft Office PowerPoint Macro-Enabled Presentation application/vnd.ms-powerpoint.presentation.macroEnabled.12 PPTMENX MyWinLocker Protected File PPTMHTML PPTMHTML File PPTX Microsoft Office PowerPoint Presentation application/vnd.openxmlformats-officedocument.presentationml.presentation PPTXENX MyWinLocker Protected File PPTXML Microsoft Office PowerPoint XML Presentation PRF PICS Rules File application/pics-rules PS1 PS1 File PS1XML PS1XML File PSC1 PSC1 File application/PowerShell PSD Photoshop Image PSD1 PSD1 File PSM1 PSM1 File PST Microsoft Office Outlook Personal Folders PTM PolyTracker Module PUB Microsoft Office Publisher Document application/vnd.ms-publisher PUBHTML PUBHTML File PUBMHTML PUBMHTML File PURBLEPAIRSSAVE-MS .PurblePairsSave-ms PURBLESHOPSAVE-MS .PurbleShopSave-ms PVF Portable Voice Format File PWZ Microsoft PowerPoint Wizard application/vnd.ms-powerpoint QCP Qualcomm PureVoice and Enhanced Variable Rate audio/qcelp QDS Directory Query R00 WinRAR archive R01 WinRAR archive R02 WinRAR archive R03 WinRAR archive R04 WinRAR archive R05 WinRAR archive R06 WinRAR archive R07 WinRAR archive R08 WinRAR archive R09 WinRAR archive R10 WinRAR archive R11 WinRAR archive R12 WinRAR archive R13 WinRAR archive R14 WinRAR archive R15 WinRAR archive R16 WinRAR archive R17 WinRAR archive R18 WinRAR archive R19 WinRAR archive R20 WinRAR archive R21 WinRAR archive R22 WinRAR archive R23 WinRAR archive R24 WinRAR archive R25 WinRAR archive R26 WinRAR archive R27 WinRAR archive R28 WinRAR archive R29 WinRAR archive RA RealAudio audio/vnd.rn-realaudio RAM RealPlayer Presentation audio/x-pn-realaudio RAR WinRAR archive RARENX MyWinLocker Protected File RAT Rating System File application/rat-file RAW Headerless RAW Waveform RAX RealAudio Protected RDP Remote Desktop Connection REG Registration Entries RELS XML Document RESMONCFG Resource Monitor Configuration REV RAR recovery volume RF64 RIFF 64 Broadcast Wave Format RJT RealSystem Track Info Style application/vnd.rn-realsystem-rjt RLE RLE File RLL Application Extension RM RealAudio / RealVideo application/vnd.rn-realmedia RMI MIDI Sequence audio/mid RMJ RealSystem Media application/vnd.rn-realsystem-rmj RMM RealPlayer Presentation audio/x-pn-realaudio RMP Real Metadata Package application/vnd.rn-rn_music_package RMS Secure RealAudio / RealVideo File application/vnd.rn-realmedia-secure RMVB RealAudio / RealVideo VBR application/vnd.rn-realmedia-vbr RMX RealSystem Secure Media File application/vnd.rn-realsystem-rmx RNX RealPlayer File application/vnd.rn-realplayer RP RealPix image/vnd.rn-realpix RQY Microsoft Office Excel OLE DB Query files text/x-ms-rqy RSML RealSystem ML File application/vnd.rn-rsml RSS Windows Live Mail Mail Message message/rfc822 RT RealText text/vnd.rn-realtext RTF Rich Text Format application/msword RTFENX MyWinLocker Protected File RV RealVideo video/vnd.rn-realvideo RVX RealVideo Protected RWZ Office Data File S3M Screamtracker 3 Module S3Z Screamtracker 3 Compressed Module SCF Windows Explorer Command SCP Text Document SCR Screen saver SCT Windows Script Component text/scriptlet SD2 Sound Designer II Audio File SDF SQL Server Compact Edition Database File SDP Scalable Multicast application/sdp SDS Raw Midi Sample Dump Standard File SEARCHCONNECTOR-MS Search Connector Folder application/windows-search-connector+xml SEARCH-MS Saved Search SECSTORE SECSTORE File SF IRCAM Sound File SFCACHE ReadyBoost Cache File SHTML SHTML File text/html SKYPE Skype Content application/x-skype SLDM Microsoft Office PowerPoint Macro-Enabled Slide application/vnd.ms-powerpoint.slide.macroEnabled.12 SLDX Microsoft Office PowerPoint Slide application/vnd.openxmlformats-officedocument.presentationml.slide SLINGODELUXESAVEDGAME SLINGODELUXESAVEDGAME File SLK Microsoft Office Excel SLK Data Import Format application/vnd.ms-excel SLUPKG-MS XrML Digital License Package application/x-ms-license SMI SMIL Multimedia Presentation application/smil SMIL SMIL Multimedia Presentation application/smil SND AU Format Sound audio/basic SOLITAIRESAVE-MS .SolitaireSave-ms SPC PKCS #7 Certificates application/x-pkcs7-certificates SPIDERSOLITAIRESAVE-MS .SpiderSolitaireSave-ms SPL Shockwave Flash Object application/futuresplash SST Microsoft Serialized Certificate Store application/vnd.ms-pki.certstore STL Certificate Trust List application/vnd.ms-pki.stl STM Screamtracker 2 Module STZ Screamtracker 2 Compressed Module SVG SVG Document image/svg+xml SWF Shockwave Flash application/x-shockwave-flash SYS System file TAR WinRAR archive TAZ WinRAR archive TBZ WinRAR archive TBZ2 WinRAR archive TGA Truevision Targa Image TGZ WinRAR archive THEME Windows Theme File THEMEPACK Windows Theme Pack THMX Microsoft Office Theme application/vnd.ms-officetheme TIF Tagged Image File Format Image image/tiff TIFENX MyWinLocker Protected File TIFF Tagged Image File Format Image image/tiff TIFFENX MyWinLocker Protected File TOD Hard Disk Camera Movie TORCHLIGHTSAVEDGAME TORCHLIGHTSAVEDGAME File TRP Transport Stream TS MPEG-2 TS Video video/vnd.dlna.mpeg-tts TTC TrueType Collection Font file TTF TrueType Font file TTS MPEG-2 TS Video video/vnd.dlna.mpeg-tts TXT Text Document text/plain TXTENX MyWinLocker Protected File UDL Microsoft Data Link ULT Ultratracker Module URL URL File UU WinRAR archive UUE WinRAR archive UXDC UXDC File VBE VBScript Encoded File VBS VBScript Script File VCF vCard File text/x-vcard VCG Microsoft Office Groove VCard application/vnd.groove-vcard VCS vCalendar File VDL VDL File VDX Microsoft Visio Document application/vnd.ms-visio.viewer VIRTUALVILLAGERS4THETREEOFLIFESAVEDGAME VIRTUALVILLAGERS4THETREEOFLIFESAVEDGAME File VLB Dolby Very Low Bitrate AAC File VOB DVD Movie video/mpeg VOC Creative VOC Format VSD Microsoft Visio Document application/vnd.ms-visio.viewer VSS Microsoft Visio Document application/vnd.ms-visio.viewer VST Microsoft Visio Document application/vnd.ms-visio.viewer VSX Microsoft Visio Document application/vnd.ms-visio.viewer VTX Microsoft Visio Document application/vnd.ms-visio.viewer VXD Virtual Device Driver W64 Soundforge Wow 64 Format WAB Address Book File WAL Winamp extension installation file interface/x-winamp3-skin WAV Wave Sound audio/wav WAVE Windows Audio WAX Windows Media Audio shortcut audio/x-ms-wax WBCAT Windows Backup Catalog File WBK Microsoft Word Backup Document application/msword WBM Wireless Bitmap Image WBMP Wireless Bitmap Image WCX Workspace Configuration File WDP Windows Media Photo image/vnd.ms-photo WEBM WebM Video video/x-webm WEBPNP Web Point And Print File WEBSITE Pinned Site Shortcut application/x-mswebsite WEDDINGDASHSAVEDGAME WEDDINGDASHSAVEDGAME File WIZ Microsoft Word Wizard application/msword WIZHTML Microsoft Office Access HTML Template WLL WLL File WLPGINSTALL WLPGINSTALL File application/x-wlpg-detect WLPGINSTALL3 WLPGINSTALL3 File application/x-wlpg3-detect WLZ Winamp language installation file interface/x-winamp-lang WM Windows Media Audio/Video file video/x-ms-wm WMA Windows Media Audio file audio/x-ms-wma WMD Windows Media Player Download Package application/x-ms-wmd WMDB Windows Media Library WMF Windows Meta File WMS Windows Media Player Skin File WMV Windows Media Audio/Video file video/x-ms-wmv WMX Windows Media Audio/Video playlist video/x-ms-wmx WMZ Windows Media Player Skin Package application/x-ms-wmz WPG WildTangent PNG File WPL Winamp playlist file application/vnd.ms-wpl WPOST Windows Live Writer Post application/x-wpost WSC Windows Script Component text/scriptlet WSF Windows Script File WSH Windows Script Host Settings File WSZ Winamp extension installation file interface/x-winamp-skin WTV Windows Recorded TV Show WTX Text Document WVE Microsoft Wave Sound Format WVX Windows Media Audio/Video playlist video/x-ms-wvx XAML Windows Markup File application/xaml+xml XBAP XAML Browser Application application/x-ms-xbap XBM X11 Bitmap Image XDP Adobe Acrobat XML Data Package File application/vnd.adobe.xdp+xml XEVGENXML XEVGENXML File XFDF Adobe Acrobat Forms Document application/vnd.adobe.xfdf XHT XHTML Document application/xhtml+xml XHTML XHTML Document application/xhtml+xml XI Fasttracker 2 Waveform XLA Microsoft Office Excel Add-In application/vnd.ms-excel XLAM Microsoft Office Excel Add-In application/vnd.ms-excel.addin.macroEnabled.12 XLK Microsoft Office Excel Backup File application/vnd.ms-excel XLL Microsoft Office Excel XLL Add-In application/vnd.ms-excel XLM Microsoft Office Excel 4.0 Macro application/vnd.ms-excel XLS Microsoft Office Excel 97-2003 Worksheet application/vnd.ms-excel XLSB Microsoft Office Excel Binary Worksheet application/vnd.ms-excel.sheet.binary.macroEnabled.12 XLSBENX MyWinLocker Protected File XLSENX MyWinLocker Protected File XLSHTML Microsoft Office Excel HTML Document XLSM Microsoft Office Excel Macro-Enabled Worksheet application/vnd.ms-excel.sheet.macroEnabled.12 XLSMENX MyWinLocker Protected File XLSMHTML XLSMHTML File XLSX Microsoft Office Excel Worksheet application/vnd.openxmlformats-officedocument.spreadsheetml.sheet XLSXENX MyWinLocker Protected File XLT Microsoft Office Excel Template application/vnd.ms-excel XLTHTML Microsoft Office Excel HTML Template XLTM Microsoft Office Excel Macro-Enabled Template application/vnd.ms-excel.template.macroEnabled.12 XLTX Microsoft Office Excel Template application/vnd.openxmlformats-officedocument.spreadsheetml.template XLW Microsoft Office Excel Workspace application/vnd.ms-excel XLXML Microsoft Office Excel XML Worksheet XM Fasttracker 2 Module XML XML Document text/xml XMZ Fasttracker 2 Compressed Module XPS XPS Document application/vnd.ms-xpsdocument XRM-MS XrML Digital License text/xml XSF Microsoft Office InfoPath Form Definition File XSL XSL Stylesheet text/xml XSN Microsoft Office InfoPath Form Template XST Microsoft Office Outlook Personal Folders XTP Microsoft Office InfoPath Template Part File XXE WinRAR archive Z WinRAR archive ZFSENDTOTARGET Compressed (zipped) Folder SendTo Target ZIP WinRAR ZIP archive ZIPENX MyWinLocker Protected File ZUMASAVEDGAME ZUMASAVEDGAME File --------[ Desktop Gadgets ]--------------------------------------------------------------------------------------------- [ Calendar ] Gadget Properties: Name Calendar Description Browse the days of the calendar. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Calendar.Gadget\en-US\gadget.xml [ Clock ] Gadget Properties: Name Clock Description Watch the clock in your own time zone or any city in the world. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Clock.Gadget\en-US\gadget.xml [ CPU Meter ] Gadget Properties: Name CPU Meter Description See the current computer CPU and system memory (RAM). Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML CPU.Gadget\en-US\gadget.xml [ Currency ] Gadget Properties: Name Currency Description Convert from one currency to another. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Currency.Gadget\en-US\gadget.xml [ Feed Headlines ] Gadget Properties: Name Feed Headlines Description Track the latest news, sports, and entertainment headlines. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML RSSFeeds.Gadget\en-US\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description ? s?s?e?? MyWinLocker s?? ep?t??pe? ?a e????ete t? Yo-Safe, ?a? ?a ???ete µetaf??? ?a? ap??es? a??e??? ??a e????? ???pt????f?s?/ap????pt????f?s?. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\EL\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description ??????????? MyWinLocker ?? ????????? ?? ???????????? ???? Yo-Safe ? ?? ???????? ? ??????? ??????? ?? ????? ????????? ? ???????????. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\BG\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description A MyWinLocker minialkalmazás lehetové teszi a Yo-Safe vezérlését illetve a könnyu titkosítás és dekódolás érdekében a fájlok húzását és ejtését. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\HU\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Das Gadget MyWinLocker ermöglicht Ihnen die Kontrolle über Ihre Yo-Safe sowie die Ver- und Entschlüsselung Ihrer Dateien durch einfaches Drag Drop. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\DE\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description El gadget MyWinLocker le permite controlar su Yo-Safe, así como arrastrar y soltar archivos para un sencillo cifrado y descifrado. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\ES\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Gadzet MyWinLocker pozwala ci kontrolowac Twój Yo-Safe, oraz przeciagac do niego pliki w celu latwego szyfrowania i odszyfrowywania. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\PL\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Het MyWinLocker gadget biedt u demogelijkheid uw Yo-Safe te beheren en bestanden te slepen en neer te zetten voor een eenvoudige codering en decodering. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\NL\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description I gadget di MyWinLocker consentono di controllare il Yo-Safe e di trascinare e rilasciare i file per semplificare la codifica e la decodifica. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\IT\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Instrumentul MyWinLocker va permite sa controlati Yo-Safe si sa copiati si alipiti fisiere pentru criptare si decriptare usoara. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\RO\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Le gadget MyWinLocker vous permet de contrôler votre Yo-Safe, et de glisser déposer des fichiers pour les crypter ou les décrypter. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\FR\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Med ekstrautstyret MyWinLocker kan du kontrollere din Yo-Safe, dra og slippe filer, slik at du enkelt kan kryptere og dekryptere dem. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\NO\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Med MyWinLocker kan du kontrollera din Yo-Safe och dra och släppa filer för enkel kryptering och avkryptering. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\SV\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Miniaplikace MyWinLocker umožnuje ovládat jednotku Yo-Safe a jednoduše šifrovat a dešifrovat soubory jejich pretažením. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\CS\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker ??? (gadget) ?????Yo-Safe,???????????????? Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\zh-TW\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker ??? Yo-Safe? ??? ? ??? ?? ?? ???? ???? ?? ??? ??? ???? ?? ????. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\KO\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker ????????? ????????? ?????? Yo-Safe, ? ????? ????????????? ????? ??? ???????? ?????????? ? ???????????. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\RU\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker ?????????Yo-Safe,???????????????? Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\zh-CN\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker ????????Yo-Safe????????????????????&?????????????????????? Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\JA\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker gadget vam omogucava da kontrolirate vaš Yo-Safe i da povlacite i ispuštate datoteke radi lake enkripcije i dekripcije. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\HR\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker gadget’en sætter dig i stand til kontrollere din Yo-Safe og trække og slippe filer til hurtig kryptering og dekryptering. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\DA\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker itaisas leidžia kontroliuoti savo Yo-Safe, ir vilkit bei paleisti rinkmenas, norint lengvai jas šifruoti ir iššifruoti. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\LT\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker –toiminto mahdollistaa Yo-Safe:n hallinnan ja tiedostojen vetämisen ja pudottamisen salaamisen ja purkamisen helpottamiseksi. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\FI\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker uygulamasi, Yo-Safe’nizi kontrol etmenize ve kolay sifreleme/sifre çözme için dosyalari sürükleyip birakmaniza olanak verir. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\TR\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description MyWinLocker vidin võimaldab teil hallata oma Yo-Safe-d ning faile pukseerimise teel kerge vaevaga krüpteerida ja dekrüpteerida. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\ET\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description O dispositivo MyWinLocker permite-lhe controlar o seu Yo-Safe e arrastar e largar ficheiros para maior facilidade de encriptação e desencriptação. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\PT\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Pomôcka MyWinLocker umožnuje spravovat Yo-Safe a premiestnovat súbory na šifrovanie a dešifrovanie uchopením a presunutím myšou. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\SK\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Pripomocek MyWinLocker vam omogoca nadzirati Yo-Safe in vleci in spustiti datoteke za preprosto šifriranje in dešifriranje. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\SL\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description Sikriks MyWinLocker nodrošina jums iespeju kontrolet savu Yo-Safe, ka ari vilkt un nomest failus, lai tos erti šifretu un atšifretu. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\LV\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description The MyWinLocker gadget allows you to control you Yo-Safe, and drag drop files for easy encryption and decryption. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\DU\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description The MyWinLocker gadget allows you to control your Yo-Safe, and drag drop files for easy encryption and decryption. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\gadget.xml [ MyWinLocker ] Gadget Properties: Name MyWinLocker Description The MyWinLocker gadget allows you to control your Yo-Safe, and drag drop files for easy encryption and decryption. Version 4 Author EgisTec Inc. Copyright 2010 Folder ProgramFiles XML MyWinLocker.Gadget\PT-BR\gadget.xml [ Nero DiscCopy ] Gadget Properties: Name Nero DiscCopy Description ?? CD?DVD?Blu-ray ???? HD DVD?????????? ISO?NRG?? IMG ??? Version 2.4.34.100 Author Nero AG Copyright © 2008 URL http://www.nero.com Folder ProgramFiles XML NeroDiscCopy9.Gadget\zh-ZH\gadget.xml [ Nero DiscCopy ] Gadget Properties: Name Nero DiscCopy Description ??CD?DVD??????HD DVD???????ISO?NRG?IMG??? Version 2.4.34.100 Author Nero AG Copyright © 2008 URL http://www.nero.com Folder ProgramFiles XML NeroDiscCopy9.Gadget\zh-HANT\gadget.xml [ Nero DiscCopy ] Gadget Properties: Name Nero DiscCopy Description Copies CDs, DVDs, Blu-ray discs, and HD DVDs. Burns ISO, NRG, and IMG files via drag-and-drop. Version 2.4.34.100 Author Nero AG Copyright © 2008 URL http://www.nero.com Folder ProgramFiles XML NeroDiscCopy9.Gadget\gadget.xml [ Picture Puzzle ] Gadget Properties: Name Picture Puzzle Description Move the pieces of the puzzle and try to put them in order. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML PicturePuzzle.Gadget\en-US\gadget.xml [ Slide Show ] Gadget Properties: Name Slide Show Description Show a continuous slide show of your pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML SlideShow.Gadget\en-US\gadget.xml [ Weather ] Gadget Properties: Name Weather Description See what the weather looks like around the world. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Weather.Gadget\en-US\gadget.xml [ Windows Media Center ] Gadget Properties: Name Windows Media Center Description Play your latest TV recordings, new Internet TV clips, and favorite music and pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML MediaCenter.Gadget\en-US\gadget.xml --------[ Windows Security ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Home Premium OS Service Pack Service Pack 1 Winlogon Shell explorer.exe User Account Control (UAC) Enabled System Restore Enabled Data Execution Prevention (DEP, NX, EDB): Supported by Operating System Yes Supported by CPU Yes Active (To Protect Applications) Yes Active (To Protect Drivers) Yes --------[ Windows Update ]---------------------------------------------------------------------------------------------- (Automatic Update) Unknown Security Update for Windows (KB2507938) Update 26/11/2012 Security Update for Windows (KB2532531) Update 26/11/2012 Security Update for Windows (KB2536276) Update 26/11/2012 Security Update for Windows (KB2555917) Update 26/11/2012 Security Update for Windows (KB2556532) Update 26/11/2012 Security Update for Windows (KB2560656) Update 26/11/2012 Security Update for Windows (KB2562937) Update 26/11/2012 Security Update for Windows (KB2563894) Update 26/11/2012 Security Update for Windows (KB2567680) Update 26/11/2012 Update for Windows (KB2533623) Update 26/11/2012 Update for Windows (KB2545698) Update 26/11/2012 Update for Windows (KB2547666) Update 26/11/2012 Update for Windows (KB2552343) Update 26/11/2012 Update for Windows (KB2563227) Update 26/11/2012 --------[ Firewall ]---------------------------------------------------------------------------------------------------- Windows Firewall 6.1.7600.16385 Enabled --------[ Anti-Spyware ]------------------------------------------------------------------------------------------------ Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255) --------[ Regional ]---------------------------------------------------------------------------------------------------- Time Zone: Current Time Zone Malay Peninsula Standard Time Current Time Zone Description (UTC+08:00) Kuala Lumpur, Singapore Change To Standard Time Change To Daylight Saving Time Language: Language Name (Native) English Language Name (English) English Language Name (ISO 639) en Country/Region: Country Name (Native) Malaysia Country Name (English) Malaysia Country Name (ISO 3166) MY Country Code 60 Currency: Currency Name (Native) Malaysian Ringgit Currency Name (English) Malaysian Ringgit Currency Symbol (Native) RM Currency Symbol (ISO 4217) MYR Currency Format RM123,456,789.00 Negative Currency Format (RM123,456,789.00) Formatting: Time Format h:mm:ss tt Short Date Format d/M/yyyy Long Date Format dddd, d MMMM, yyyy Number Format 123,456,789.00 Negative Number Format -123,456,789.00 List Format first, second, third Native Digits 0123456789 Days of Week: Native Name for Monday Monday / Mon Native Name for Tuesday Tuesday / Tue Native Name for Wednesday Wednesday / Wed Native Name for Thursday Thursday / Thu Native Name for Friday Friday / Fri Native Name for Saturday Saturday / Sat Native Name for Sunday Sunday / Sun Months: Native Name for January January / Jan Native Name for February February / Feb Native Name for March March / Mar Native Name for April April / Apr Native Name for May May / May Native Name for June June / Jun Native Name for July July / Jul Native Name for August August / Aug Native Name for September September / Sep Native Name for October October / Oct Native Name for November November / Nov Native Name for December December / Dec Miscellaneous: Calendar Type Gregorian (localized) Default Paper Size A4 Measurement System Metric Display Languages: LCID 0409h (Active) English (United States) --------[ Environment ]------------------------------------------------------------------------------------------------- ALLUSERSPROFILE C:\ProgramData APPDATA C:\Users\user\AppData\Roaming CommonProgramFiles(x86) C:\Program Files (x86)\Common Files CommonProgramFiles C:\Program Files (x86)\Common Files CommonProgramW6432 C:\Program Files\Common Files COMPUTERNAME USER-PC ComSpec C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK NO HOMEDRIVE C: HOMEPATH \Users\user LOCALAPPDATA C:\Users\user\AppData\Local LOGONSERVER \\USER-PC NUMBER_OF_PROCESSORS 4 OS Windows_NT Path C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\EgisTec MyWinLocker\;C:\Program Files (x86)\Windows Live\Shared PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE x86 PROCESSOR_ARCHITEW6432 AMD64 PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel PROCESSOR_LEVEL 6 PROCESSOR_REVISION 2a07 ProgramData C:\ProgramData ProgramFiles(x86) C:\Program Files (x86) ProgramFiles C:\Program Files (x86) ProgramW6432 C:\Program Files PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC C:\Users\Public SystemDrive C: SystemRoot C:\Windows TEMP C:\Users\user\AppData\Local\Temp TMP C:\Users\user\AppData\Local\Temp USERDOMAIN user-PC USERNAME user USERPROFILE C:\Users\user windir C:\Windows windows_tracing_flags 3 windows_tracing_logfile C:\BVTBin\Tests\installpackage\csilogfile.log --------[ Control Panel ]----------------------------------------------------------------------------------------------- Flash Player Manage Flash Player Settings Java Java(TM) Control Panel Mail Microsoft Office Outlook Profiles Nero BurnRights Configure CD/DVD burn rights. --------[ Recycle Bin ]------------------------------------------------------------------------------------------------- C: 0 0 ? ? D: 0 0 ? ? --------[ System Files ]------------------------------------------------------------------------------------------------ [ system.ini ] ; for 16-bit app support [386Enh] woafont=dosapp.fon EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [drivers] wave=mmdrv.dll timer=timer.drv [mci] [ win.ini ] ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] 3g2=MPEGVideo 3gp=MPEGVideo 3gp2=MPEGVideo 3gpp=MPEGVideo aac=MPEGVideo adt=MPEGVideo adts=MPEGVideo m2t=MPEGVideo m2ts=MPEGVideo m2v=MPEGVideo m4a=MPEGVideo m4v=MPEGVideo mod=MPEGVideo mov=MPEGVideo mp4=MPEGVideo mp4v=MPEGVideo mts=MPEGVideo ts=MPEGVideo tts=MPEGVideo [ResponseResult] ResultCode=0 [ hosts ] [ lmhosts.sam ] --------[ System Folders ]---------------------------------------------------------------------------------------------- Administrative Tools C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools AppData C:\Users\user\AppData\Roaming Cache C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files CD Burning C:\Users\user\AppData\Local\Microsoft\Windows\Burn\Burn Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools Common AppData C:\ProgramData Common Desktop C:\Users\Public\Desktop Common Documents C:\Users\Public\Documents Common Favorites C:\Users\user\Favorites Common Files (x86) C:\Program Files (x86)\Common Files Common Files C:\Program Files (x86)\Common Files Common Music C:\Users\Public\Music Common Pictures C:\Users\Public\Pictures Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu Common Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Common Templates C:\ProgramData\Microsoft\Windows\Templates Common Video C:\Users\Public\Videos Cookies C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies Desktop C:\Users\user\Desktop Device C:\Windows\inf Favorites C:\Users\user\Favorites Fonts C:\Windows\Fonts History C:\Users\user\AppData\Local\Microsoft\Windows\History Local AppData C:\Users\user\AppData\Local My Documents C:\Users\user\Documents My Music C:\Users\user\Music My Pictures C:\Users\user\Pictures My Video C:\Users\user\Videos NetHood C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts PrintHood C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Profile C:\Users\user Program Files (x86) C:\Program Files (x86) Program Files C:\Program Files (x86) Programs C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Recent C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent Resources C:\Windows\resources SendTo C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo Start Menu C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu Startup C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup System (x86) C:\Windows\SysWOW64 System C:\Windows\system32 Temp C:\Users\user\AppData\Local\Temp\ Templates C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates Windows C:\Windows --------[ Event Logs ]-------------------------------------------------------------------------------------------------- Application Warning 1 2012-11-25 14:26:55 Windows Search Service 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Application Warning None 2012-11-25 17:29:14 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 18:51:29 user MsiInstaller 1004: Detection of product '{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}', feature 'ProductFeature', component '{4DFB7A1C-5916-4BF2-B8FF-A750D7CC5489}' failed. The resource 'HKEY_CURRENT_USER\Software\Symantec\Norton Online Backup\Install\DTI' does not exist. Application Warning None 2012-11-29 18:51:29 user MsiInstaller 1001: Detection of product '{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}', feature 'ProductFeature' failed during request for component '{C0D93E97-174B-476B-8C87-CB8F0D3C36B0}' Application Warning None 2012-11-29 18:54:19 user Microsoft-Windows-RestartManager 10010: Application 'C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe' (pid 3576) cannot be restarted - 1. Application Warning None 2012-11-29 18:54:19 user Microsoft-Windows-RestartManager 10010: Application 'C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe' (pid 4356) cannot be restarted - 1. Application Error None 2012-11-29 18:54:33 user Microsoft-Windows-RestartManager 10007: Application or service 'Norton Online Backup' could not be restarted. Application Warning None 2012-11-29 19:01:42 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 20:08:48 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 20:45:15 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 21:20:28 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 22:16:37 SYSTEM WinMgmt Application Warning None 2012-11-29 22:16:37 SYSTEM WinMgmt Application Warning None 2012-11-29 22:42:30 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-29 22:58:30 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-30 09:21:42 SYSTEM Microsoft-Windows-User Profiles Service 1530: Application Warning None 2012-11-30 11:03:36 SYSTEM Microsoft-Windows-User Profiles Service 1530: Security Audit Success 12288 2012-11-25 14:26:38 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 0x3fc Name: C:\Windows\System32\oobe\msoobe.exe Previous Time: 2012-11-25T22:26:38.365747300Z New Time: 2012-11-25T06:26:38.350000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2012-11-25 14:26:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:26:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13824 2012-11-25 14:26:40 Microsoft-Windows-Security-Auditing 4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges - Security Audit Success 13826 2012-11-25 14:26:40 Microsoft-Windows-Security-Auditing 4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: - Group: Security ID: S-1-5-21-2602235906-715977651-979350228-513 Group Name: None Group Domain: user-PC Additional Information: Privileges: - Security Audit Success 13826 2012-11-25 14:26:40 Microsoft-Windows-Security-Auditing 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Security Audit Success 13824 2012-11-25 14:26:41 Microsoft-Windows-Security-Auditing 4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Security Audit Success 13824 2012-11-25 14:26:41 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13826 2012-11-25 14:26:42 Microsoft-Windows-Security-Auditing 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: - Security Audit Success 13826 2012-11-25 14:26:42 Microsoft-Windows-Security-Auditing 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Security Audit Success 13824 2012-11-25 14:26:43 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-25 14:26:44 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/25/2012 2:26:44 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x214 New UAC Value: 0x214 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-25 14:26:44 Microsoft-Windows-Security-Auditing 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Security Audit Success 12544 2012-11-25 14:26:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:26:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 14:26:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:26:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 14:26:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2b66b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 14:26:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:26:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 14:27:08 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 14:27:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-RS1TT250VHC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 14:27:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31acc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-RS1TT250VHC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:27:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-25 14:29:23 Microsoft-Windows-Security-Auditing 6406: McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory. Security Audit Success 12544 2012-11-25 14:29:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 14:29:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 15:12:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 15:12:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 15:29:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 15:29:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 15:39:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 15:39:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 15:39:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-25 15:39:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-25 15:39:43 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3bb3dc Security Audit Success 13568 2012-11-25 15:39:43 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x13dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3bb3dc Security Audit Success 12544 2012-11-25 15:40:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 15:40:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13824 2012-11-25 17:28:25 Microsoft-Windows-Security-Auditing 4720: A user account was created. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 New Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Attributes: SAM Account Name: UpdatusUser Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges - Security Audit Success 13824 2012-11-25 17:28:25 Microsoft-Windows-Security-Auditing 4722: A user account was enabled. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Security Audit Success 13824 2012-11-25 17:28:25 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Changed Attributes: SAM Account Name: UpdatusUser Display Name: UpdatusUser User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/25/2012 5:28:25 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x210 User Account Control: %%2048 %%2050 %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-25 17:28:25 Microsoft-Windows-Security-Auditing 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Security Audit Success 13826 2012-11-25 17:28:25 Microsoft-Windows-Security-Auditing 4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Member: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: - Group: Security ID: S-1-5-21-2602235906-715977651-979350228-513 Group Name: None Group Domain: user-PC Additional Information: Privileges: - Security Audit Success 13569 2012-11-25 17:28:27 Microsoft-Windows-Security-Auditing 4717: System security access was granted to an account. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Account Modified: Account Name: S-1-5-21-2602235906-715977651-979350228-1001 Access Granted: Access Right: SeServiceLogonRight Security Audit Success 13569 2012-11-25 17:28:27 Microsoft-Windows-Security-Auditing 4717: System security access was granted to an account. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Account Modified: Account Name: S-1-5-21-2602235906-715977651-979350228-1001 Access Granted: Access Right: SeDenyInteractiveLogonRight Security Audit Success 12544 2012-11-25 17:28:29 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: \Device\HarddiskVolume6\VGA_Nvidia_8.17.12.8590_Win7x64\setup.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 17:28:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31a89 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x445b39 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: \Device\HarddiskVolume6\VGA_Nvidia_8.17.12.8590_Win7x64\setup.exe Network Information: Workstation Name: WIN-RS1TT250VHC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:28:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x445b39 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-25 17:28:37 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x445b39 Logon Type: 5 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2012-11-25 17:28:39 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 17:28:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x44837f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: WIN-RS1TT250VHC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:28:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x44837f Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-25 17:29:14 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x31acc This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-25 17:29:15 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-25 17:30:12 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-25 17:30:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 17:30:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:30:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-25 17:30:14 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb333 Security Audit Success 12544 2012-11-25 17:30:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 17:30:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:30:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-25 17:30:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 17:30:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 17:30:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:30:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-25 17:30:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-25 17:30:19 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-25 17:30:24 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 17:30:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x180e2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 17:30:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18108 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:30:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x180e2 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 17:30:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:30:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-25 17:30:33 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-25 17:30:38 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-25 17:31:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:31:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 17:31:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:31:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 17:31:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:31:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 17:31:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6dce2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 17:32:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:32:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-25 17:32:27 Microsoft-Windows-Security-Auditing 6406: McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory. Security Audit Success 12544 2012-11-25 17:33:51 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 17:33:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x118050 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-25 17:33:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x118050 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a73ec Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a73fa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a73fa Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a73ec Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12548 2012-11-25 18:32:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a73ec Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-25 18:40:44 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18108 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-25 18:40:45 Microsoft-Windows-Eventlog 1100: Security Audit Success 104 2012-11-26 06:23:28 Microsoft-Windows-Eventlog 1102: Security Audit Success 13824 2012-11-26 06:23:33 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-500 Account Name: Administrator Account Domain: WIN-RS1TT250VHC Logon ID: 0x266c4 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-500 Account Name: Administrator Account Domain: WIN-RS1TT250VHC Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: - Security Audit Success 12544 2012-11-26 06:23:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:23:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-26 06:23:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-26 06:23:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:23:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-26 06:23:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-26 06:24:50 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-500 Account Name: Administrator Account Domain: WIN-RS1TT250VHC Logon ID: 0x266c4 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-26 06:24:51 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-26 06:25:42 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-26 06:25:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-26 06:25:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:25:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-26 06:25:44 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xae07 Security Audit Success 12544 2012-11-26 06:25:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:25:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-26 06:25:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-26 06:26:23 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12292 2012-11-26 06:26:29 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-26 06:26:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-26 06:26:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-26 06:26:31 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-500 Account Name: Administrator Account Domain: user-PC Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/20/2010 7:57:24 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-500 Account Name: Administrator Account Domain: user-PC Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/20/2010 7:57:24 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-501 Account Name: Guest Account Domain: user-PC Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13824 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2602235906-715977651-979350228-501 Account Name: Guest Account Domain: user-PC Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Security Audit Success 13826 2012-11-26 06:26:34 Microsoft-Windows-Security-Auditing 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-RS1TT250VHC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: - Security Audit Success 12288 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-28 21:33:55 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb20d Security Audit Success 12290 2012-11-28 21:33:56 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-28 21:33:56 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x394 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-28 21:33:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a748 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x394 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:33:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a76e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x394 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:33:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a748 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-28 21:33:57 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-28 21:33:57 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-28 21:33:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:33:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-28 21:34:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:34:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-28 21:34:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:34:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-28 21:34:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x38fdf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:34:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-28 21:34:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-28 21:34:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-28 21:34:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-28 21:34:16 Microsoft-Windows-Security-Auditing 6406: McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory. Security Audit Success 12545 2012-11-28 21:35:26 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a76e This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-28 21:35:28 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 18:21:21 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xac76 Security Audit Success 12290 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x384 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x187ba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x384 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x187e0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x384 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x187ba Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 18:21:23 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 18:21:23 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x39be1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:21:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:21:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:21:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 18:21:38 Microsoft-Windows-Security-Auditing 6406: McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory. Security Audit Success 12544 2012-11-29 18:23:40 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 18:23:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x10e53a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:23:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x10e53a Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:30:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:30:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:47:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:47:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 18:47:17 Microsoft-Windows-Security-Auditing 6407: McAfee Personal Firewall unregistered from Windows Firewall. Windows Firewall is now controlling the filtering for BootTimeRuleCategory, FirewallRuleCategory. Security Audit Success 103 2012-11-29 18:49:57 Microsoft-Windows-Eventlog 1100: Security Audit Success 12545 2012-11-29 18:49:57 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x187e0 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 12288 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 18:50:36 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xbfff Security Audit Success 12290 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a2e0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a31b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:50:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a2e0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:50:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:50:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 18:50:40 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 18:50:42 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 18:50:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e96a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:50:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:50:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:52:44 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 18:52:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x130f79 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:52:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x130f79 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:52:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:52:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 18:53:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x130f79 Logon Type: 9 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x150d3b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x12c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: seclogo Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:53:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x150d3b Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 18:53:06 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x150d3b Logon Type: 9 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2012-11-29 18:53:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 18:53:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 18:53:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 18:53:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 18:54:17 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x5ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x20401f Security Audit Success 13568 2012-11-29 18:54:17 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x5ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x20401f Security Audit Success 12545 2012-11-29 19:01:42 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a31b This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 19:01:45 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 19:02:26 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 19:02:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 19:02:26 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa7e9 Security Audit Success 12290 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18d02 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18d28 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:02:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18d02 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 19:02:35 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 19:02:35 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 19:02:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:02:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:02:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x279e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:02:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:02:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:02:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:02:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:04:37 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 19:04:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11e049 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:04:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11e049 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:04:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:04:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 19:06:49 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18d28 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 19:06:50 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 19:29:37 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xabd4 Security Audit Success 12290 2012-11-29 19:29:38 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17b0d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17b33 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17b0d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 19:29:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 19:29:42 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 19:29:42 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 19:29:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24c63 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 19:29:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:29:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:31:43 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 19:31:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xede81 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:31:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xede81 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 19:31:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 19:31:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:05:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:05:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:05:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:05:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:05:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:05:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 20:06:12 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xbec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x24ab68 Security Audit Success 13568 2012-11-29 20:06:12 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xbec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x24ab68 Security Audit Success 13568 2012-11-29 20:07:09 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xbec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x27d446 Security Audit Success 13568 2012-11-29 20:07:09 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xbec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x27d446 Security Audit Success 12545 2012-11-29 20:08:48 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17b33 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 20:08:50 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 20:09:29 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 20:09:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 20:09:29 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa1c6 Security Audit Success 12544 2012-11-29 20:09:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:09:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x198ae Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x198d4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x198ae Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 20:09:38 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 20:09:38 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 20:09:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:09:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:09:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24954 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:09:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:09:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:11:42 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 20:11:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x112627 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:11:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x112627 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:11:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:11:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:13:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:13:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:13:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:13:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:13:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:13:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 20:13:50 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1234 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1a620a Security Audit Success 13568 2012-11-29 20:13:50 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1234 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1a620a Security Audit Success 12544 2012-11-29 20:33:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:33:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:33:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:33:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:33:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:33:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 20:34:09 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xf0c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x29279b Security Audit Success 13568 2012-11-29 20:34:09 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xf0c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x29279b Security Audit Success 12544 2012-11-29 20:43:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:43:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 20:45:15 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x198d4 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 20:45:17 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 20:45:57 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 20:45:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 20:45:57 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xae5f Security Audit Success 12290 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a06f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a095 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 20:46:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a06f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 20:46:06 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 20:46:06 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 20:46:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 20:46:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x34916 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:46:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:46:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:46:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:48:07 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 20:48:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xffc37 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:48:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xffc37 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:48:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:48:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 20:50:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 20:50:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:05:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:05:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:05:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:05:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 21:06:18 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x4ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x29cf97 Security Audit Success 13568 2012-11-29 21:06:18 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x4ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x29cf97 Security Audit Success 12544 2012-11-29 21:07:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x25c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:07:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 21:07:52 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x4ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2cf2be Security Audit Success 13568 2012-11-29 21:07:52 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x4ec Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x2cf2be Security Audit Success 12545 2012-11-29 21:20:27 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a095 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 21:20:28 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 21:21:08 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 21:21:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 21:21:08 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa545 Security Audit Success 12290 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17f99 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17fd0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:21:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17f99 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 21:21:11 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 21:21:11 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 21:21:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:21:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:21:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x29787 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:21:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:21:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:21:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:21:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:23:17 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 21:23:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x1142d4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:23:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x1142d4 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:23:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:23:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:23:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:23:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:23:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:23:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:23:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:23:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 21:24:13 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1368 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x194031 Security Audit Success 13568 2012-11-29 21:24:13 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1368 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x194031 Security Audit Success 13568 2012-11-29 21:27:05 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1368 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x58a2ca Security Audit Success 13568 2012-11-29 21:27:05 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1368 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x58a2ca Security Audit Success 12544 2012-11-29 21:28:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:28:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 21:33:37 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17fd0 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 21:33:39 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 21:34:20 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 21:34:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 21:34:20 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa6d5 Security Audit Success 12290 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 21:34:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:34:22 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 21:34:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x186fb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18721 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:34:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x186fb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 21:34:23 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 21:34:23 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 21:34:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:34:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:34:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x289cb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 21:34:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:34:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:36:28 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 21:36:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11ba6a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:36:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11ba6a Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 21:36:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 21:36:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 21:37:25 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18721 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 21:37:28 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 22:02:00 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xac34 Security Audit Success 12290 2012-11-29 22:02:01 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 22:02:01 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 22:02:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17ea0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17ec6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:02:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17ea0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 22:02:02 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 22:02:02 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 22:02:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:02:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:02:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2ae92 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:02:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:02:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:04:13 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 22:04:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x1057cb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:04:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x1057cb Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:04:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:04:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:05:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:05:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:07:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:07:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:07:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:07:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 22:07:49 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x660 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x19ea4e Security Audit Success 13568 2012-11-29 22:07:49 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x660 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x19ea4e Security Audit Success 12544 2012-11-29 22:11:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:11:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:14:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:14:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:14:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:14:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:18:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:18:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:19:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:19:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:22:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:22:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:24:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:24:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:26:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:26:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:39:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:39:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:39:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:39:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:39:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:39:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 22:39:21 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x4c4fcb Security Audit Success 13568 2012-11-29 22:39:21 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x4c4fcb Security Audit Success 12545 2012-11-29 22:42:30 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x17ec6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 22:42:32 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 22:43:19 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 22:43:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-29 22:43:19 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa2c4 Security Audit Success 12544 2012-11-29 22:43:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:43:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:43:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:43:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a5bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a5fe Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2cc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:43:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a5bd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:43:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x264d2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:43:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:43:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:45:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 22:45:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xe2d51 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:45:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xe2d51 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:45:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:45:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:56:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:56:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:56:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:56:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 22:58:30 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a5fe This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 22:58:33 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 22:59:11 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb5a2 Security Audit Success 12290 2012-11-29 22:59:13 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ab40 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ab66 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 22:59:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ab40 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-29 22:59:19 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 22:59:22 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 22:59:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2b395 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 22:59:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:59:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 22:59:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 22:59:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 23:01:27 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 23:01:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11bebf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 23:01:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x11bebf Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 23:01:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 23:01:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190b2a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190b38 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190b38 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190b2a Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12548 2012-11-29 23:27:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190b2a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 23:28:27 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ab66 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 23:28:29 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12290 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-29 23:30:59 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xcb7d Security Audit Success 12292 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c8ce Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c925 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-29 23:31:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c8ce Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-29 23:31:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2bdbc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-29 23:31:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-29 23:31:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-29 23:31:40 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c925 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-29 23:31:42 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12290 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 09:07:25 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaca1 Security Audit Success 12292 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x80 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18faa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x80 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18ff1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x80 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:07:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18faa Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:07:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2a86e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:07:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:07:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:09:34 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:09:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xf5e01 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:09:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xf5e01 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:09:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:09:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:18:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:18:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:18:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:18:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 09:21:42 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18ff1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 09:21:45 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 09:22:23 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 09:22:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-30 09:22:23 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa2e1 Security Audit Success 12544 2012-11-30 09:22:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:22:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a46a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a4aa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:22:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a46a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 09:22:34 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 09:22:34 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 09:22:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:22:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:22:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x27951 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:22:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:22:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:24:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:24:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xf6797 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:24:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xf6797 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:24:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:24:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2012-11-30 09:40:49 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 09:40:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:40:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 09:40:49 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa883 Security Audit Success 101 2012-11-30 09:40:50 Microsoft-Windows-Eventlog 1101: Security Audit Success 12544 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:40:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2012-11-30 09:40:51 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12292 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1f0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19264 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x192bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:40:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19264 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 09:40:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 09:40:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x240c4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:41:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:41:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:41:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:41:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 09:42:07 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x192bd This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 09:42:10 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 09:43:51 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xac43 Security Audit Success 12290 2012-11-30 09:43:52 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 09:43:52 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:43:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x186e2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:43:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1870a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:43:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x186e2 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 09:43:53 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 09:43:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 09:43:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:43:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:43:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2a532 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 09:44:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:44:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:44:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:44:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:45:56 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 09:45:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xfa854 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:45:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xfa854 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:45:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:45:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 09:51:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 09:51:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 10:01:08 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1870a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 10:01:10 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 10:01:49 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xab7e Security Audit Success 12290 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12292 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18c0d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18c6c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18c0d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:01:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 10:01:51 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 10:01:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x269ef Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:02:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:02:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:03:57 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 10:03:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x10fa42 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:03:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x10fa42 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:04:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:04:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 10:04:49 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x18c6c This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 10:04:52 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 10:32:17 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xab5b Security Audit Success 12290 2012-11-30 10:32:18 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 10:32:18 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 10:32:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190bf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1913d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:32:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x190bf Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 10:32:19 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 10:32:19 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 10:32:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:32:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:32:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2b4cf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 10:32:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:32:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:34:26 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 10:34:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x101c85 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:34:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x101c85 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:34:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:34:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:37:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:37:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:38:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:38:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 10:39:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 10:39:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 11:03:36 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1913d This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 11:03:39 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 11:04:22 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 11:04:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2012-11-30 11:04:22 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xabc9 Security Audit Success 12290 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19f04 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19f6c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:04:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19f04 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 11:04:30 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 11:04:30 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 11:04:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:04:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:04:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x29740 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:04:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:04:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:06:32 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:06:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x12423a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:06:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x12423a Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:06:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:06:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 11:07:06 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x19f6c This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 11:07:10 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 11:34:24 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xad07 Security Audit Success 12290 2012-11-30 11:34:25 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12292 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c9f4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ca24 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1c9f4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:34:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 11:34:30 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 11:34:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4813c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:34:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:34:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:34:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:34:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:36:36 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:36:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x12af14 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:36:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x12af14 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:36:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:36:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:38:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:38:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 11:46:26 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1ca24 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 11:46:28 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 11:47:12 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb124 Security Audit Success 12290 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12292 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x340 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0d1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x340 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0f7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x340 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0d1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:47:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 11:47:14 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 11:47:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5acd3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:47:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:47:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:49:34 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:49:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x121188 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:49:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x121188 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:49:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:49:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 11:52:32 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0f7 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 11:52:35 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12290 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 11:53:15 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xac19 Security Audit Success 12544 2012-11-30 11:53:16 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:53:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a1dd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a203 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:53:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a1dd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 11:53:17 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 11:53:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:53:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 11:53:18 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 11:53:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x35078 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 11:53:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:53:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:53:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:53:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:55:40 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 11:55:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xeaf26 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:55:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0xeaf26 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:55:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:55:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 11:57:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 11:57:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 11:57:27 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a203 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 11:57:29 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 12:24:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xabd5 Security Audit Success 12290 2012-11-30 12:24:46 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 12:24:46 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 12:24:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0db Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a101 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 12:24:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a0db Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 12:24:47 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2012-11-30 12:24:47 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 12:24:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 12:24:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 12:24:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x47064 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 12:24:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 12:24:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 12:25:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 12:25:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2012-11-30 12:26:28 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1a101 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2012-11-30 12:26:31 Microsoft-Windows-Eventlog 1100: Security Audit Success 12288 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2012-11-30 15:21:02 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb71e Security Audit Success 12290 2012-11-30 15:21:03 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2012-11-30 15:21:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:21:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 15:21:04 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2012-11-30 15:21:04 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 15:21:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1b2e9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1b30f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: USER-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:21:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1000 Account Name: user Account Domain: user-PC Logon ID: 0x1b2e9 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2012-11-30 15:21:05 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2012-11-30 15:21:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x65c75 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2012-11-30 15:21:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:21:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 15:21:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:21:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 15:23:27 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: user-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2012-11-30 15:23:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x117ca0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: USER-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:23:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2602235906-715977651-979350228-1001 Account Name: UpdatusUser Account Domain: user-PC Logon ID: 0x117ca0 Privileges: SeAssignPrimaryTokenPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeImpersonatePrivilege Security Audit Success 12544 2012-11-30 15:23:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: USER-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2012-11-30 15:23:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege System Error None 2012-11-25 14:30:45 DCOM System Warning None 2012-11-25 17:29:17 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-25 17:30:05 k57nd60a 4: System Warning 256 2012-11-25 17:40:19 mfehidk System Warning None 2012-11-25 18:40:45 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Error None 2012-11-26 06:23:54 Service Control Manager 7032: System Warning None 2012-11-26 06:24:52 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-26 06:25:34 k57nd60a 4: System Warning None 2012-11-28 21:33:52 k57nd60a 4: System Warning None 2012-11-28 21:34:05 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-28 21:35:29 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 18:21:18 k57nd60a 4: System Warning None 2012-11-29 18:21:31 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning 256 2012-11-29 18:29:39 mfehidk System Warning None 2012-11-29 18:42:51 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name wpad.lan timed out after none of the configured DNS servers responded. System Warning None 2012-11-29 18:43:07 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name wpad.lan timed out after none of the configured DNS servers responded. System Warning None 2012-11-29 18:43:31 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name wpad.lan timed out after none of the configured DNS servers responded. System Warning None 2012-11-29 18:49:58 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 18:50:46 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 19:01:45 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 19:02:36 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 19:06:51 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 19:29:47 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 20:08:50 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 20:09:39 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 20:45:17 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 20:46:07 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 21:20:29 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 21:21:18 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Error None 2012-11-29 21:27:56 Service Control Manager 7030: System Error None 2012-11-29 21:27:57 Service Control Manager 7030: System Warning None 2012-11-29 21:33:39 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 21:34:30 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 21:37:28 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 22:02:10 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 22:05:03 k57nd60a 4: System Warning None 2012-11-29 22:12:23 k57nd60a 4: System Warning None 2012-11-29 22:42:33 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 22:43:12 k57nd60a 4: System Warning None 2012-11-29 22:43:29 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 22:58:33 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-29 22:59:21 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-29 23:28:29 k57nd60a 4: System Warning None 2012-11-29 23:28:30 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Error 2 2012-11-29 23:30:27 Ntfs 55: System Warning None 2012-11-29 23:30:41 k57nd60a 4: System Warning None 2012-11-29 23:31:09 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Error None 2012-11-29 23:31:41 Service Control Manager 7024: System Warning None 2012-11-29 23:31:42 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 09:07:35 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 09:21:45 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 09:22:33 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Error None 2012-11-30 09:40:50 EventLog 6008: The previous system shutdown at 9:33:13 AM on ?30/?11/?2012 was unexpected. System Warning None 2012-11-30 09:40:59 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 09:42:10 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 09:44:01 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 10:01:10 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 10:01:59 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 10:04:53 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 10:32:27 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 11:03:40 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 11:04:32 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 11:07:10 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 11:34:34 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 11:36:15 k57nd60a 4: System Warning None 2012-11-30 11:46:29 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 11:47:05 k57nd60a 4: System Warning None 2012-11-30 11:47:22 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 11:52:35 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 11:53:25 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 11:57:30 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 12:24:55 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. System Warning None 2012-11-30 12:26:31 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: System Warning None 2012-11-30 15:21:12 SYSTEM Microsoft-Windows-Wininit 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. --------[ Database Software ]------------------------------------------------------------------------------------------- Database Drivers: Borland Database Engine - Borland InterBase Client - Easysoft ODBC-InterBase 6 - Easysoft ODBC-InterBase 7 - Firebird Client - Jet Engine 4.00.9756.0 MDAC 6.1.7601.17514 (win7sp1_rtm.101119-1850) ODBC 6.1.7601.17514 (win7sp1_rtm.101119-1850) MySQL Connector/ODBC - Oracle Client - PsqlODBC - Sybase ASE ODBC - Database Servers: Borland InterBase Server - Firebird Server - Microsoft SQL Server - Microsoft SQL Server Compact Edition 3.00.5300.0 Microsoft SQL Server Express Edition - MySQL Server - Oracle Server - PostgreSQL Server - Sybase SQL Server - --------[ ODBC Drivers ]------------------------------------------------------------------------------------------------ Driver da Microsoft para arquivos texto (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Driver do Microsoft Access (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Driver do Microsoft dBase (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Driver do Microsoft Excel(*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Driver do Microsoft Paradox (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Driver para o Microsoft Visual FoxPro vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft Access dBASE Driver (*.dbf, *.ndx, *.mdx) aceodbc.dll 12.0.6423.1000 *.dbf, *.ndx, *.mdx Microsoft Access Driver (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Microsoft Access Driver (*.mdb, *.accdb) aceodbc.dll 12.0.6423.1000 *.mdb,*.accdb Microsoft Access Paradox Driver (*.db) aceodbc.dll 12.0.6423.1000 *.mdb,*.accdb Microsoft Access Text Driver (*.txt, *.csv) aceodbc.dll 12.0.6423.1000 *.txt, *.csv Microsoft Access-Treiber (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Microsoft dBase Driver (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Microsoft dBase VFP Driver (*.dbf) vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft dBase-Treiber (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Microsoft Excel Driver (*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) aceodbc.dll 12.0.6423.1000 *.xls,*.xlsx, *.xlsb Microsoft Excel-Treiber (*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Microsoft FoxPro VFP Driver (*.dbf) vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft ODBC for Oracle msorcl32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft Paradox Driver (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Microsoft Paradox-Treiber (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Microsoft Text Driver (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Microsoft Text-Treiber (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Microsoft Visual FoxPro Driver vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft Visual FoxPro-Treiber vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt SQL Server sqlsrv32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) SQL Server sqlsrv32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) --------[ ODBC Data Sources ]------------------------------------------------------------------------------------------- dBASE Files Microsoft Access dBASE Driver (*.dbf, *.ndx, *.mdx) User aceodbc.dll Excel Files Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) User aceodbc.dll MS Access Database Microsoft Access Driver (*.mdb, *.accdb) User aceodbc.dll --------[ Memory Read ]------------------------------------------------------------------------------------------------- Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 16788 MB/s Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 16252 MB/s Core i5-2450M 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 15523 MB/s FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 14202 MB/s Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 14174 MB/s Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 13899 MB/s Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 12400 MB/s Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 11481 MB/s Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 9117 MB/s Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 9084 MB/s Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 8862 MB/s Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 7990 MB/s A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 7980 MB/s Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 7891 MB/s P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 7870 MB/s Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 7437 MB/s Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7134 MB/s Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 7002 MB/s Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6686 MB/s Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 6347 MB/s Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 6181 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 5934 MB/s Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5646 MB/s Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 5375 MB/s Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 5276 MB/s Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 5141 MB/s Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 4920 MB/s Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4852 MB/s Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4569 MB/s Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4353 MB/s Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 4158 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3966 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3909 MB/s E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 3887 MB/s Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3547 MB/s Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 3515 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3352 MB/s Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 3238 MB/s Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 3140 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2894 MB/s Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2826 MB/s --------[ Memory Write ]------------------------------------------------------------------------------------------------ Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 18438 MB/s Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 15095 MB/s Core i5-2450M 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 15013 MB/s Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12544 MB/s Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 12064 MB/s FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 9928 MB/s Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 9555 MB/s Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 9417 MB/s Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 8836 MB/s Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 7506 MB/s Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7052 MB/s Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 6895 MB/s Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 6711 MB/s A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 6387 MB/s Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 6341 MB/s Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 5828 MB/s Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 5711 MB/s Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 5608 MB/s P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5592 MB/s Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5362 MB/s Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 4853 MB/s Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 4838 MB/s Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 4685 MB/s Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 4452 MB/s Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4232 MB/s Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4177 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4106 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3800 MB/s Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3785 MB/s Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 3629 MB/s Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 3581 MB/s Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 3259 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3157 MB/s Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 2816 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 2770 MB/s Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2491 MB/s Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2443 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2342 MB/s Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2322 MB/s Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 2038 MB/s E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 1661 MB/s --------[ Memory Copy ]------------------------------------------------------------------------------------------------- FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 17951 MB/s Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 16382 MB/s Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 15998 MB/s Core i5-2450M 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 15625 MB/s Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 14937 MB/s Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12610 MB/s Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 11211 MB/s Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 10807 MB/s A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 10641 MB/s Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 10557 MB/s Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 9534 MB/s Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 9391 MB/s Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 8321 MB/s Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 7094 MB/s Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 6770 MB/s Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 6663 MB/s Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 6458 MB/s Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 6200 MB/s Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 6040 MB/s P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5951 MB/s Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 5426 MB/s Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 5421 MB/s Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 4988 MB/s Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4764 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4615 MB/s Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 4585 MB/s Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 4283 MB/s Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 4223 MB/s Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4052 MB/s Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 3890 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3668 MB/s Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 3268 MB/s Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 3146 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3080 MB/s Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2966 MB/s Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2891 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 2759 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2582 MB/s Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 2518 MB/s E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 2488 MB/s Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 2375 MB/s --------[ Memory Latency ]---------------------------------------------------------------------------------------------- Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 47.5 ns FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 50.6 ns Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 53.8 ns Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 54.5 ns Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 54.9 ns Core i5-2450M 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 55.4 ns Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 55.7 ns Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 55.8 ns Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 57.6 ns Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 59.9 ns Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 60.6 ns Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 60.7 ns Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 62.0 ns A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 62.6 ns Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 62.8 ns Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 68.4 ns Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 68.6 ns Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 71.9 ns Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 74.9 ns Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 80.7 ns Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 81.4 ns Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 82.4 ns Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 82.6 ns Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 84.1 ns E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 86.3 ns P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 86.4 ns Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 87.6 ns Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 88.1 ns Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 89.1 ns Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 97.9 ns Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 102.0 ns Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 103.2 ns Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 110.1 ns Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 110.9 ns Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 111.3 ns Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 117.3 ns Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 127.0 ns Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 146.2 ns Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 149.1 ns Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 156.7 ns Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 226.4 ns --------[ CPU Queen ]--------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 62174 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 56780 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 53499 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 43971 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 42524 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 41694 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 37793 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 30782 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 27770 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 26972 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 25500 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 22158 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 21994 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 21978 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 21891 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 21441 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 21414 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 21223 2x Core i5-2450M HT 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 20286 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 19169 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 16092 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 12581 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 12129 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 11234 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 9597 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 7451 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7301 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 7273 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 5903 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 5169 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 4981 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4877 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4084 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 4023 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3852 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3790 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 3513 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 3298 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2812 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 2580 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 1836 --------[ CPU PhotoWorxx ]---------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 94910 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 60355 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 48755 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 47638 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 47066 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 46595 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 40418 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 34806 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 31119 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 27165 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 24462 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 22012 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 20352 2x Core i5-2450M HT 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 20197 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 19947 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 19207 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 14576 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 12294 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 9478 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 9335 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 8641 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 8395 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 8384 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 7609 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7353 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 6975 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5530 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 5388 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 5086 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 4976 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4912 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 4817 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4430 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 4375 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4249 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 3841 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3767 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 3212 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 2514 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 2493 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 2346 --------[ CPU ZLib ]---------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 418.4 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 348.9 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 343.9 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 340.9 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 275.9 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 269.0 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 232.8 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 214.2 MB/s 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 208.2 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 180.5 MB/s 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 176.3 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 166.3 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 147.6 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 146.0 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 145.3 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 129.8 MB/s 2x Core i5-2450M HT 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 116.9 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 112.2 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 107.3 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 103.5 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 101.1 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 79.1 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 71.5 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 70.3 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 56.8 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 54.9 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 54.8 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 45.1 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 39.5 MB/s Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 33.2 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 31.0 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 30.8 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 30.0 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 29.4 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 23.2 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 21.9 MB/s Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 19.4 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 17.7 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 16.5 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 15.6 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 14.7 MB/s --------[ CPU AES ]----------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 699740 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 356995 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 352227 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 325450 2x Core i5-2450M HT 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 306616 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 207915 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 78761 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 65697 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 61006 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 53016 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 46894 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 41013 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 40639 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 40002 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 35903 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 32973 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 32934 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 32609 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 29287 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 27679 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 25455 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 23408 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 18744 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 16738 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 16170 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 12357 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 10926 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 10810 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 10643 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 7552 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 7445 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 7123 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 6526 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5848 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 5659 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 5241 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 4397 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 4193 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3355 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 2824 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 1973 --------[ CPU Hash ]---------------------------------------------------------------------------------------------------- 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4784 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 3925 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 3609 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3188 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 3132 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 3095 MB/s 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 2806 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 2553 MB/s 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 2469 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2347 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2242 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 1989 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 1942 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 1941 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1914 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1681 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 1656 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1465 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1441 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1101 MB/s 2x Core i5-2450M HT 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 1055 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 980 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 968 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 925 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 828 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 808 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 728 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 638 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 549 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 493 MB/s Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 448 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 442 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 427 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 350 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 336 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 326 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 306 MB/s Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 251 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 247 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 245 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 162 MB/s --------[ FPU VP8 ]----------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 4258 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 3683 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 3459 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 3304 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 3005 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 2894 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 2790 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 2772 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 2768 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 2288 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 2256 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 2190 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 2073 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 2069 2x Core i5-2450M HT 2900 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 1823 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 1803 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 1798 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 1772 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1733 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1532 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1457 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1127 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1107 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1007 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 888 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 744 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 693 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 652 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 632 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 556 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 518 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 471 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 457 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 451 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 444 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 413 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 413 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 401 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 393 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 318 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 310 --------[ FPU Julia ]--------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 26900 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 18505 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 18308 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 17997 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 17671 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 15287 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 12204 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 11131 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 10731 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 8954 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 8678 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 8201 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 8070 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 7959 2x Core i5-2450M HT 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 7619 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 7606 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 7433 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6416 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 5596 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 5578 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 5549 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 3533 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 3077 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 2449 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 2385 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 2308 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 2052 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1988 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 1703 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 1340 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 1307 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 1115 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 960 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 914 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 896 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 892 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 795 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 702 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 640 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 589 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 513 --------[ FPU Mandel ]-------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 14256 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 9822 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 9318 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 8672 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 8614 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 8067 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 6212 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 5465 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 5397 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 4626 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 4418 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 4332 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 4180 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 4071 2x Core i5-2450M HT 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 4047 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 3968 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 3874 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 3313 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2889 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 2840 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2675 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1823 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 1626 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 1482 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1449 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1182 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1062 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1051 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 871 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 794 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 683 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 495 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 476 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 458 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 428 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 407 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 399 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 360 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 328 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 263 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 193 --------[ FPU SinJulia ]------------------------------------------------------------------------------------------------ 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 7473 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 7213 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 6993 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 4695 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4658 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 4590 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4138 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3101 6x Phenom II X6 1055T 2800 MHz Gigabyte GA-790FXTA-UD5 AMD790FX Unganged Dual DDR3-1333 9-9-9-24 CR1 2728 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2590 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2306 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 2266 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 2222 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2210 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 1934 2x Core i5-2450M HT 3100 MHz Acer Aspire 4752 HM65 Int. Dual DDR3-1333 9-9-9-24 CR1 1931 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1871 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1855 6x FX-6100 3300 MHz Asus Sabertooth 990FX AMD990FX Dual DDR3-1866 9-9-9-24 CR1 1741 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1618 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1421 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1178 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1049 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1021 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 960 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 942 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 835 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 682 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 516 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 506 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 457 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 452 Sempron 140 2700 MHz Asus Sabertooth 990FX AMD990FX Unganged Dual DDR3-1333 9-9-9-24 CR1 435 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 359 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 327 Celeron 420 1600 MHz Intel DQ965CO Q965 Int. Dual DDR2-667 5-5-5-15 277 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 262 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 261 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 205 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 203 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 132 --------[ Debug - PCI ]------------------------------------------------------------------------------------------------- B00 D00 F00: Intel Sandy Bridge-MB - Host Bridge/DRAM Controller Offset 000: 86 80 04 01 06 00 90 20 09 00 00 06 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00 Offset 050: 21 02 00 00 19 00 00 00 0F 00 90 CF 01 00 00 C7 Offset 060: 05 00 00 F8 00 00 00 00 01 80 D1 FE 00 00 00 00 Offset 070: 00 00 80 FF 00 00 00 00 00 0C 80 FF 7F 00 00 00 Offset 080: 30 33 33 33 33 33 33 00 1A 00 00 00 00 00 00 00 Offset 090: 01 00 00 00 01 00 00 00 01 00 D0 2F 01 00 00 00 Offset 0A0: 01 00 00 00 01 00 00 00 01 00 E0 2F 01 00 00 00 Offset 0B0: 01 00 A0 C7 01 00 80 C7 01 00 00 C7 01 00 A0 CF Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 09 00 0C 01 9E 61 80 E2 90 00 00 14 00 00 00 00 Offset 0F0: 00 00 00 01 00 00 00 00 B8 0F 06 00 00 00 00 00 B00 D01 F00: Intel Sandy Bridge-DT - PCI Express Graphics Root Port Offset 000: 86 80 01 01 07 00 10 00 09 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 01 01 00 20 20 00 20 Offset 020: 00 F2 00 F3 01 E0 F1 F1 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 88 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0A Offset 080: 01 90 03 C8 08 00 00 00 0D 80 00 00 25 10 06 05 Offset 090: 05 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 10 00 42 01 00 80 00 00 00 00 00 00 02 2D 21 02 Offset 0B0: 53 00 01 11 80 25 0C 00 00 00 48 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 10 00 B00 D02 F00: Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2 1.3GHz+) Offset 000: 86 80 26 01 07 04 90 00 09 00 00 03 00 00 00 00 Offset 010: 04 00 40 F3 00 00 00 00 0C 00 00 D0 00 00 00 00 Offset 020: 01 30 00 00 00 00 00 00 00 00 00 00 25 10 07 05 Offset 030: 00 00 00 00 90 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 09 00 0C 01 9E 61 80 E2 90 00 00 14 00 00 00 00 Offset 050: 21 02 00 00 19 00 00 00 00 00 00 00 01 00 A0 C7 Offset 060: 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 05 D0 01 00 0C F0 E0 FE 62 49 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 01 A4 22 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 06 00 18 50 EF C6 B00 D16 F00: Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Offset 000: 86 80 3A 1C 06 00 10 00 04 00 80 07 00 00 80 00 Offset 010: 04 50 B0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 45 02 00 1E 08 00 01 80 06 00 00 60 F8 0F 00 10 Offset 050: 01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 05 00 80 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0 Offset 0C0: 25 C2 8F B6 CC 82 51 8D 0B 10 99 AC 11 10 81 48 Offset 0D0: 7C D5 F8 E1 1E 56 AC CD E4 E2 F4 77 A6 E8 8C 7E Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D1A F00: Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Offset 000: 86 80 2D 1C 06 00 90 02 04 20 03 0C 00 00 00 00 Offset 010: 00 90 B0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00 Offset 060: 20 20 81 07 00 00 00 00 01 00 00 01 00 20 00 C0 Offset 070: 00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 04 A0 63 C4 Offset 0F0: 00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20 B00 D1B F00: Intel Cougar Point PCH - High Definition Audio Controller [B-2] Offset 000: 86 80 20 1C 06 00 10 00 04 00 03 04 10 00 00 00 Offset 010: 04 00 B0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00 Offset 040: 01 00 00 45 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 04 00 01 02 24 00 40 00 0C A3 82 10 00 33 02 Offset 0D0: 00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F00: Intel Cougar Point PCH - PCI Express Port 1 [B-2] Offset 000: 86 80 10 1C 04 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 02 02 00 F0 00 00 20 Offset 020: F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 4C 12 01 Offset 050: 02 00 01 10 00 B2 04 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 25 10 06 05 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00 Offset 0E0: 00 3F 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F01: Intel Cougar Point PCH - PCI Express Port 2 [B-2] Offset 000: 86 80 12 1C 06 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 03 03 00 F0 00 00 00 Offset 020: A0 F3 A0 F3 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 02 Offset 050: 42 00 11 70 00 B2 0C 00 00 00 40 01 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 25 10 06 05 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00 Offset 0E0: 00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F03: Intel Cougar Point PCH - PCI Express Port 4 [B-2] Offset 000: 86 80 16 1C 06 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 04 04 00 F0 00 00 20 Offset 020: F0 FF 00 00 81 F3 81 F3 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 13 04 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 04 Offset 050: 42 00 11 70 00 B2 1C 00 00 00 40 01 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 25 10 06 05 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00 Offset 0E0: 00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F04: Intel Cougar Point PCH - PCI Express Port 5 [B-2] Offset 000: 86 80 18 1C 06 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 05 05 00 F0 00 00 00 Offset 020: 90 F3 90 F3 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 05 Offset 050: 42 00 12 70 00 B2 24 00 00 00 40 01 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 25 10 06 05 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00 Offset 0E0: 00 3F 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1D F00: Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Offset 000: 86 80 26 1C 06 00 90 02 04 20 03 0C 00 00 00 00 Offset 010: 00 80 B0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00 Offset 060: 20 20 01 06 00 00 00 00 01 00 00 01 00 20 00 C0 Offset 070: 00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 02 08 20 00 04 00 40 00 04 50 2E C4 Offset 0F0: 00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20 B00 D1F F00: Intel HM65 PCH - LPC Interface Controller [B-2] Offset 000: 86 80 49 1C 07 00 10 02 04 00 01 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00 Offset 050: F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 8B 8A 8B 89 D0 00 00 00 8A 80 89 8B F8 F0 00 00 Offset 070: 78 00 79 00 7A 00 7B 00 7C 00 7D 00 7E 00 7F 00 Offset 080: 10 00 0F 3F 69 00 04 00 00 00 00 00 00 00 00 00 Offset 090: A1 06 0C 00 00 0F 00 00 01 00 80 FE 00 00 00 00 Offset 0A0: 14 0E 80 00 39 18 06 00 00 47 00 00 00 00 00 80 Offset 0B0: 00 00 00 00 00 00 00 00 04 81 80 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 0F 00 00 00 67 45 00 00 00 FF 00 00 08 00 00 00 Offset 0E0: 09 00 0C 10 00 00 00 00 13 06 64 0E 00 00 00 00 Offset 0F0: 01 C0 D1 FE 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F02: Intel Cougar Point-M PCH - SATA Controller [B-2] Offset 000: 86 80 01 1C 05 00 B0 02 04 8F 01 01 00 00 00 00 Offset 010: B9 30 00 00 CD 30 00 00 B1 30 00 00 C9 30 00 00 Offset 020: 91 30 00 00 81 30 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 70 00 00 00 00 00 00 00 13 02 00 00 Offset 040: 07 E3 03 E3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 B0 03 00 08 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 1C 03 83 83 01 00 1C 08 42 5C 01 00 00 00 00 Offset 0A0: E0 00 00 00 39 00 39 00 00 00 00 00 00 00 00 00 Offset 0B0: 13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F03: Intel Cougar Point PCH - SMBus Controller [B-2] Offset 000: 86 80 22 1C 03 00 80 02 04 00 05 0C 00 00 00 00 Offset 010: 04 40 B0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: A1 EF 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 0B 03 00 00 Offset 040: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F05: Intel Cougar Point-M PCH - SATA 2-Port Controller [B-2] Offset 000: 86 80 09 1C 05 00 B0 02 04 85 01 01 00 00 00 00 Offset 010: A9 30 00 00 C5 30 00 00 A1 30 00 00 C1 30 00 00 Offset 020: 71 30 00 00 61 30 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 70 00 00 00 00 00 00 00 13 02 00 00 Offset 040: 00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 B0 03 00 08 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F06: Intel Cougar Point PCH - Thermal Management Controller [B-2] Offset 000: 86 80 24 1C 00 00 10 00 04 00 80 11 00 00 00 00 Offset 010: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 06 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 FF 03 00 00 Offset 040: 05 80 D0 FE 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B03 D00 F00: Atheros AR9287 Wireless Network Adapter Offset 000: 8C 16 2E 00 46 01 10 00 01 00 80 02 10 00 00 00 Offset 010: 04 00 A0 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 5B 10 34 E0 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 11 01 00 00 Offset 040: 01 50 C3 5B 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 05 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 10 00 12 00 C0 8C 90 05 10 20 09 00 11 3C 03 00 Offset 070: 42 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B04 D00 F00: Broadcom NetLink BCM57785 PCI-E Gigabit Ethernet Controller Offset 000: E4 14 B5 16 06 04 10 00 10 00 00 02 10 00 80 00 Offset 010: 0C 00 80 F3 00 00 00 00 0C 00 81 F3 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 00 05 Offset 030: 00 00 00 00 48 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 00 00 00 C9 01 58 03 C8 08 20 00 08 Offset 050: 03 00 00 00 00 00 00 00 05 A0 86 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 98 02 00 F1 50 00 D8 01 Offset 070: 92 10 00 00 00 00 00 00 2C 00 00 00 F0 0D 00 00 Offset 080: 25 10 00 05 00 00 00 00 00 00 00 00 FA 00 00 00 Offset 090: 00 00 00 00 89 01 00 00 00 00 00 00 B7 01 00 00 Offset 0A0: 11 AC 04 80 02 00 00 00 22 01 00 00 10 00 02 00 Offset 0B0: 80 8D 90 05 00 50 19 00 11 5C 07 00 42 01 11 10 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 1F 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 51 78 57 B04 D00 F01: Broadcom SD Card Reader Offset 000: E4 14 BC 16 06 00 10 00 10 01 05 08 10 00 80 00 Offset 010: 0C 00 82 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 00 05 Offset 030: 00 00 00 00 48 00 00 00 00 00 00 00 10 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 01 58 03 C8 08 20 00 00 Offset 050: 03 00 00 00 00 00 00 00 05 AC 80 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 11 00 05 00 02 00 00 00 22 01 00 00 10 00 02 00 Offset 0B0: 80 8D 90 05 10 5C 19 00 11 CC 04 00 42 01 11 10 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 1F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 51 78 57 B04 D00 F02: Broadcom Memory Stick Card Reader Offset 000: E4 14 BE 16 06 00 10 00 10 00 80 08 10 00 80 00 Offset 010: 0C 00 83 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 00 05 Offset 030: 00 00 00 00 48 00 00 00 00 00 00 00 10 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 01 58 03 C8 08 20 00 00 Offset 050: 03 00 00 00 00 00 00 00 05 AC 80 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 11 00 05 00 02 00 00 00 22 01 00 00 10 00 02 00 Offset 0B0: 80 8D 90 05 10 5C 19 00 11 CC 04 00 42 01 11 10 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 1F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 51 78 57 B04 D00 F03: Broadcom xD Card Reader Offset 000: E4 14 BF 16 06 00 10 00 10 00 80 08 10 00 80 00 Offset 010: 0C 00 84 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 00 05 Offset 030: 00 00 00 00 48 00 00 00 00 00 00 00 10 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 01 58 03 C8 08 20 00 00 Offset 050: 03 00 00 00 00 00 00 00 05 AC 80 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 11 00 05 00 02 00 00 00 22 01 00 00 10 00 02 00 Offset 0B0: 80 8D 90 05 10 5C 19 00 11 CC 04 00 42 01 11 10 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 1F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 51 78 57 B05 D00 F00: NEC uPD720200 USB 3.0 Host Controller Offset 000: 33 10 94 01 06 04 10 00 04 30 03 0C 10 00 00 00 Offset 010: 04 00 90 F3 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 25 10 07 05 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 70 C3 C9 08 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 30 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 05 90 86 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 11 A0 07 80 00 10 00 00 80 10 00 00 00 00 00 00 Offset 0A0: 10 00 02 00 C0 8F 00 00 00 28 19 00 12 EC 07 00 Offset 0B0: 42 01 12 10 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 10 08 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: FC 1F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 08 14 60 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4000: 99 79 18 00 54 54 14 0A 20 32 02 0A 90 56 00 00 Offset 4010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4280: 00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00 Offset 4290: 80 40 00 00 0F 98 00 00 50 14 6B 5A 10 02 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4400: 99 79 18 00 54 54 14 0A 20 42 02 0A 90 56 00 00 Offset 4410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4680: 00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00 Offset 4690: 80 40 00 00 0F 98 00 00 50 14 6B 5A 50 02 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 4A80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4A90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 5000: 24 00 00 00 08 00 60 00 08 00 60 00 00 00 60 00 Offset 5010: 00 00 00 00 00 00 10 08 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 5940: 79 38 1B 00 5C AA 0F 00 0B 0D 00 00 00 00 00 00 Offset 5950: 00 00 00 00 00 00 10 00 00 19 01 60 00 08 00 00 Offset 5960: CE 23 67 03 58 AD F8 30 55 C8 AE EB B0 BA 8D DF Offset 5970: D6 89 02 10 D4 89 02 10 44 00 00 00 44 00 00 00 Offset 5980: 44 00 00 00 EF 5D 03 3C 00 00 00 00 00 00 00 00 Offset 5990: FF 00 00 00 FF 00 00 00 1A 0D 0D 00 00 0E 64 00 PCI-8086-0104: Intel Sandy Bridge MCHBAR Offset 5E00: 05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 Offset 5E10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-1C24: Intel 5/6/7/8-series PCH TBARB Offset 00: 01 BA 00 E7 2B 3A 00 00 06 00 06 00 00 00 40 00 Offset 10: 00 00 00 19 87 DE 8C 80 00 00 F0 10 00 00 00 00 Offset 20: 00 00 C7 04 00 00 00 00 00 00 00 00 00 00 00 00 Offset 30: 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 40: 00 02 00 FF 00 00 00 00 00 00 00 00 00 00 00 00 Offset 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 60: 00 00 00 00 00 00 00 00 00 00 00 00 20 1B 16 05 Offset 70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 80: 00 00 00 00 68 68 00 FF 00 00 00 00 00 00 00 00 Offset 90: E2 4D 16 0D 00 00 00 00 00 00 00 00 00 00 00 00 Offset A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset C0: 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 Offset D0: 00 00 00 00 00 00 00 00 39 00 D4 00 00 00 00 00 Offset E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 --------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------ C000:0000 U.y.D.000000000000.#.1".@...00IBM VGA Compatible BIOS. .f.v..... C000:0040 PCIR............................&...f........................... C000:0080 ../............................................DH.....DH.....DH. C000:00C0 ...0DH.....DI.....DI.....DJ.....DJ....0DJ.....DI....0DI.....DJ.. C000:0100 ...DK.....DK.....DK....0.L......L......L....0.L......M......M... C000:0140 ..0.<..2.`..4....8....:....<....A.<..C.`..E....I....K....M....P C000:0180 <..R `..T ...X ...Z ...\ ...`....a....b ...c....d....e ...f....g C000:01C0 ....h ...i....j....k ...l.-..m.-..n -..o.G..p.G..q G..}....~.... C000:0200  ........ .-..`............ .1..l...........rQ.. n(U...!....... C000:0240 ....`"........... ....@.......... .1X. (.........V. .1X. .P.... C000:0280 ....d..@A.&0..6.......... A. 0.`........0*..Q.*@0p.........4..Q. C000:02C0 *@..........H?@0b.2@@.........h[..r.