AIDA64 Engineer

 
Version  AIDA64 v5.30.3500
Benchmark Module  4.1.643-x64
Homepage  http://www.aida64.com/
Report Type  Quick Report
Computer  LAPTOP-5DNN8R19
Generator  galff
Operating System  Microsoft Windows 10 10.0.10240.16431 (Win10 RTM)
Date  2015-08-27
Time  17:52


Summary

 
Computer:
Computer Type  ACPI x64-based PC
Operating System  Microsoft Windows 10
OS Service Pack  -
Internet Explorer  11.0.10240.16431
Edge  20.10240.16384.0
DirectX  DirectX 12.0
Computer Name  LAPTOP-5DNN8R19
User Name  galff
Logon Domain  LAPTOP-5DNN8R19
Date / Time  2015-08-27 / 17:52
 
Motherboard:
CPU Type  QuadCore Intel Atom x5-Z8500, 2233 MHz (28 x 80)
Motherboard Name  ASUSTeK COMPUTER INC. T100HAN
Motherboard Chipset  Intel Cherry Trail
System Memory  1963 MB
BIOS Type  AMI (07/14/2015)
Communication Port  Communications Port (COM1)
 
Display:
Video Adapter  Intel(R) HD Graphics (1 GB)
Video Adapter  Intel(R) HD Graphics (1 GB)
Video Adapter  Intel(R) HD Graphics (1 GB)
Monitor  Generic PnP Monitor [NoDB] (12003)
Monitor  Intel AVStream Camera
 
Storage:
Storage Controller  Microsoft Storage Spaces Controller
Storage Controller  SD Storage Class Controller
Disk Drive  Samsung CGND3R (58 GB)
SMART Hard Disks Status  Unknown
 
Partitions:
C: (NTFS)  58862 MB (36827 MB free)
Total Size  57.5 GB (36.0 GB free)
 
Input:
Keyboard  HID Keyboard Device
Keyboard  HID Keyboard Device
Keyboard  HID Keyboard Device
Mouse  ASUS Touchpad
Mouse  HID-compliant mouse
 
Network:
Primary IP Address  192.168.1.112
Primary MAC Address  04-E6-76-43-62-CE
Network Adapter  Bluetooth Device (Personal Area Network)
Network Adapter  Broadcom 802.11abgn Wireless SDIO Adapter (192.168.1.112)
Network Adapter  Microsoft Wi-Fi Direct Virtual Adapter
 
Peripherals:
Printer  Fax
Printer  Microsoft Print to PDF
Printer  Microsoft XPS Document Writer
USB3 Controller  Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
USB Device  Generic USB Hub
USB Device  USB Composite Device
USB Device  USB Input Device
USB Device  USB Input Device
USB Device  USB Input Device
USB Device  USB Input Device
Battery  Microsoft AC Adapter
Battery  Microsoft ACPI-Compliant Control Method Battery
 
DMI:
DMI BIOS Vendor  American Megatrends Inc.
DMI BIOS Version  T100HAN.204
DMI System Manufacturer  ASUSTeK COMPUTER INC.
DMI System Product  T100HAN
DMI System Version  1.0
DMI System Serial Number  F6NTCY00091925A
DMI System UUID  F0078270-EE26E581-269F04E6-764362CE
DMI Motherboard Manufacturer  ASUSTeK COMPUTER INC.
DMI Motherboard Product  T100HAN
DMI Motherboard Version  1.0
DMI Motherboard Serial Number  BSN12345678901234567
DMI Chassis Manufacturer  ASUSTeK COMPUTER INC.
DMI Chassis Version  1.0
DMI Chassis Serial Number  F6NTCY00091925A
DMI Chassis Asset Tag  ATN12345678901234567
DMI Chassis Type  Notebook


Computer Name

 
Type  Class  Computer Name
Computer Comment  Logical  
NetBIOS Name  Logical  LAPTOP-5DNN8R19
DNS Host Name  Logical  LAPTOP-5DNN8R19
DNS Domain Name  Logical  
Fully Qualified DNS Name  Logical  LAPTOP-5DNN8R19
NetBIOS Name  Physical  LAPTOP-5DNN8R19
DNS Host Name  Physical  LAPTOP-5DNN8R19
DNS Domain Name  Physical  
Fully Qualified DNS Name  Physical  LAPTOP-5DNN8R19


DMI

 
[ BIOS ]
 
BIOS Properties:
Vendor  American Megatrends Inc.
Version  T100HAN.204
Release Date  07/14/2015
Size  6 MB
System BIOS Version  5.6
Boot Devices  Floppy Disk, Hard Disk, CD-ROM
Capabilities  Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS, Smart Battery
Supported Standards  DMI, ACPI, UEFI
Expansion Capabilities  PCI, USB
Virtual Machine  No
 
BIOS Manufacturer:
Company Name  American Megatrends Inc.
Product Information  http://www.ami.com/amibios
BIOS Upgrades  http://www.aida64.com/bios-updates
 
[ System ]
 
System Properties:
Manufacturer  ASUSTeK COMPUTER INC.
Product  T100HAN
Version  1.0
Serial Number  F6NTCY00091925A
SKU#  ASUS-TabletSKU
Family  T
Universal Unique ID  F0078270-EE26E581-269F04E6-764362CE
Wake-Up Type  Power Switch
 
[ Motherboard ]
 
Motherboard Properties:
Manufacturer  ASUSTeK COMPUTER INC.
Product  T100HAN
Version  1.0
Serial Number  BSN12345678901234567
Asset Tag  ATN12345678901234567
 
Motherboard Manufacturer:
Company Name  ASUSTeK Computer Inc.
Product Information  http://www.asus.com/Motherboards
BIOS Download  http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update  http://www.aida64.com/driver-updates
BIOS Upgrades  http://www.aida64.com/bios-updates
 
[ Chassis ]
 
Chassis Properties:
Manufacturer  ASUSTeK COMPUTER INC.
Version  1.0
Serial Number  F6NTCY00091925A
Asset Tag  ATN12345678901234567
Chassis Type  Notebook
Boot-Up State  Safe
Power Supply State  Safe
Thermal State  Safe
Security Status  None
 
[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
Processor Properties:
Manufacturer  Intel
Version  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Asset Tag  Fill By OEM
Part Number  Fill By OEM
External Clock  80 MHz
Maximum Clock  2400 MHz
Current Clock  1440 MHz
Type  Central Processor
Voltage  1.2 V
Status  Enabled
Upgrade  Socket LGA1155
Socket Designation  SOCKET 0
HTT / CMP Units  1 / 4
Capabilities  64-bit
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
[ Caches / CPU Internal L1 ]
 
Cache Properties:
Type  Internal
Status  Enabled
Operational Mode  Write-Back
Maximum Size  224 KB
Installed Size  224 KB
Error Correction  Single-bit ECC
Socket Designation  CPU Internal L1
 
[ Caches / CPU Internal L2 ]
 
Cache Properties:
Type  Unified
Status  Enabled
Operational Mode  Write-Back
Associativity  16-way Set-Associative
Maximum Size  2048 KB
Installed Size  2048 KB
Error Correction  Single-bit ECC
Socket Designation  CPU Internal L2
 
[ Memory Arrays / System Memory ]
 
Memory Array Properties:
Location  Motherboard
Memory Array Function  System Memory
Error Correction  Multi-bit ECC
Max. Memory Capacity  8 GB
Memory Devices  2
 
[ Memory Devices / A1_DIMM0 ]
 
Memory Device Properties:
Form Factor  DIMM
Type  DDR3
Size  1 GB
Max. Clock Speed  1600 MHz
Current Clock Speed  1600 MHz
Total Width  8-bit
Data Width  64-bit
Min. Voltage  1.500 V
Max. Voltage  1.500 V
Current Voltage  1.500 V
Device Locator  A1_DIMM0
Bank Locator  A1_BANK0
Manufacturer  A1_Manufacturer0
Serial Number  A1_SerNum0
Asset Tag  A1_AssetTagNum0
Part Number  Array1_PartNumber0
 
[ Memory Devices / A1_DIMM1 ]
 
Memory Device Properties:
Form Factor  DIMM
Type  DDR3
Size  1 GB
Max. Clock Speed  1600 MHz
Current Clock Speed  1600 MHz
Total Width  8-bit
Data Width  64-bit
Min. Voltage  1.500 V
Max. Voltage  1.500 V
Current Voltage  1.500 V
Device Locator  A1_DIMM1
Bank Locator  A1_BANK1
Manufacturer  A1_Manufacturer1
Serial Number  A1_SerNum1
Asset Tag  A1_AssetTagNum1
Part Number  Array1_PartNumber1
 
[ On-Board Devices / VGA ]
 
On-Board Device Properties:
Description  VGA
Type  Video
Status  Enabled
 
[ On-Board Devices / GLAN ]
 
On-Board Device Properties:
Description  GLAN
Type  Ethernet
Status  Enabled
 
[ On-Board Devices / WLAN ]
 
On-Board Device Properties:
Description  WLAN
Type  Ethernet
Status  Enabled
 
[ Miscellaneous ]
 
Miscellaneous:
OEM String  90NB074A-T00020


Overclock

 
CPU Properties:
CPU Type  QuadCore Intel Atom x5-Z8500
CPU Alias  Cherry Trail
CPU Stepping  C0
Engineering Sample  No
CPUID CPU Name  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
CPUID Revision  000406C3h
CPU VID  0.6000 V
 
CPU Speed:
CPU Clock  2238.2 MHz (original: 1440 MHz, overclock: 55%)
CPU Multiplier  28x
CPU FSB  79.9 MHz (original: 80 MHz)
Memory Bus  799.3 MHz
DRAM:FSB Ratio  30:3
 
CPU Cache:
L1 Code Cache  32 KB per core
L1 Data Cache  24 KB per core
L2 Cache  2x 1 MB (On-Die, ECC, Full-Speed)
 
Motherboard Properties:
Motherboard ID  <DMI>
Motherboard Name  ASUSTeK COMPUTER INC. T100HAN
 
Chipset Properties:
Motherboard Chipset  Intel Cherry Trail
Memory Timings  12-15-20-34 (CL-RCD-RP-RAS)
Command Rate (CR)  1T
 
BIOS Properties:
System BIOS Date  07/14/2015
Video BIOS Date  Unknown
DMI BIOS Version  T100HAN.204
 
Graphics Processor Properties:
Video Adapter  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
GPU Code Name  Cherry Trail (Integrated 8086 / 22B0, Rev 20)
GPU Clock  600 MHz


Power Management

 
Power Management Properties:
Current Power Source  AC Line
Battery Status  31 % (Low Level, Charging)
Full Battery Lifetime  Unknown
Remaining Battery Lifetime  Unknown
 
Battery Properties:
Device Name  SR Real Battery
Manufacturer  Intel SR 1
Serial Number  123456789
Unique ID  123456789Intel SR 1SR Real Battery
Battery Type  Rechargeable Li-Ion
Designed Capacity  30000 mWh
Fully Charged Capacity  30199 mWh
Current Capacity  9428 mWh (31 %)
Battery Voltage  3.925 V
Charge-Discharge Cycle Count  6
Wear Level  0 %
Power State  AC Line, Charging
Charge Rate  6611 mW


Portable Computer

 
Centrino (Carmel) Platform Compliancy:
CPU: Intel Pentium M (Banias/Dothan)  No (Intel Atom x5-Z8500)
Chipset: Intel i855GM/PM  No (Intel Cherry Trail)
WLAN: Intel PRO/Wireless  No
System: Centrino Compliant  No
 
Centrino (Sonoma) Platform Compliancy:
CPU: Intel Pentium M (Dothan)  No (Intel Atom x5-Z8500)
Chipset: Intel i915GM/PM  No (Intel Cherry Trail)
WLAN: Intel PRO/Wireless 2200/2915  No
System: Centrino Compliant  No
 
Centrino (Napa) Platform Compliancy:
CPU: Intel Core (Yonah) / Core 2 (Merom)  No (Intel Atom x5-Z8500)
Chipset: Intel i945GM/PM  No (Intel Cherry Trail)
WLAN: Intel PRO/Wireless 3945/3965  No
System: Centrino Compliant  No
 
Centrino (Santa Rosa) Platform Compliancy:
CPU: Intel Core 2 (Merom/Penryn)  No (Intel Atom x5-Z8500)
Chipset: Intel GM965/PM965  No (Intel Cherry Trail)
WLAN: Intel Wireless WiFi Link 4965  No
System: Centrino Compliant  No
 
Centrino 2 (Montevina) Platform Compliancy:
CPU: Intel Core 2 (Penryn)  No (Intel Atom x5-Z8500)
Chipset: Mobile Intel 4 Series  No (Intel Cherry Trail)
WLAN: Intel WiFi Link 5000 Series  No
System: Centrino 2 Compliant  No
 
Centrino (Calpella) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)  No (Intel Atom x5-Z8500)
Chipset: Mobile Intel 5 Series  No (Intel Cherry Trail)
WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N  No
System: Centrino Compliant  No
 
Centrino (Huron River) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)  No (Intel Atom x5-Z8500)
Chipset: Mobile Intel 6 Series  No (Intel Cherry Trail)
WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N  No
System: Centrino Compliant  No
 
Centrino (Chief River) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)  No (Intel Atom x5-Z8500)
Chipset: Mobile Intel 7 Series  No (Intel Cherry Trail)
WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N  No
System: Centrino Compliant  No
 
Centrino (Shark Bay-MB) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Haswell-MB)  No (Intel Atom x5-Z8500)
Chipset: Mobile Intel 8/9 Series  No (Intel Cherry Trail)
WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N  No
System: Centrino Compliant  No


Sensor

 
Sensor Properties:
Sensor Type  Intel DPTF (ACPI)
 
Temperatures:
Motherboard  46 °C (115 °F)
CPU  46 °C (114 °F)
CPU GT Cores  53 °C (127 °F)
CPU #1 / Core #1  56 °C (133 °F)
CPU #1 / Core #2  52 °C (126 °F)
CPU #1 / Core #3  55 °C (131 °F)
CPU #1 / Core #4  50 °C (122 °F)
Temperature #1  46 °C (115 °F)
Temperature #2  62 °C (144 °F)
Temperature #3  46 °C (114 °F)
Temperature #4  54 °C (129 °F)
 
Voltage Values:
CPU Core  0.450 V
Battery  3.925 V
 
Power Values:
CPU Package  1.32 W
CPU IA Cores  0.39 W
CPU GT Cores  0.93 W
Battery Charge Rate  6.61 W


CPU

 
CPU Properties:
CPU Type  QuadCore Intel Atom x5-Z8500, 2233 MHz (28 x 80)
CPU Alias  Cherry Trail
CPU Stepping  C0
Instruction Set  x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES
Original Clock  1440 MHz
Engineering Sample  No
L1 Code Cache  32 KB per core
L1 Data Cache  24 KB per core
L2 Cache  2x 1 MB (On-Die, ECC, Full-Speed)
 
CPU Physical Info:
Package Type  1380 Ball FCBGA
Package Size  17 mm x 17 mm
Process Technology  14 nm, CMOS, Cu, High-K + Metal Gate
Die Size  71 mm2
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
Multi CPU:
CPU #1  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
CPU #2  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
CPU #3  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
CPU #4  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
 
CPU Utilization:
CPU #1 / Core #1  0%
CPU #1 / Core #2  0%
CPU #1 / Core #3  0%
CPU #1 / Core #4  0%


CPUID

 
CPUID Properties:
CPUID Manufacturer  GenuineIntel
CPUID CPU Name  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
CPUID Revision  000406C3h
IA Brand ID  00h (Unknown)
Platform ID  37h / MC 01h (FCBGA1380)
Microcode Update Revision  34Dh
HTT / CMP Units  0 / 4
Tjmax Temperature  90 °C (194 °F)
CPU Power Limit 1 (Long Duration)  4.9 W / 1.00 sec (Unlocked)
CPU Power Limit 2 (Short Duration)  7.8 W / 10.00 sec (Unlocked)
Max Turbo Boost Multipliers  1C: 28x, 2C: 28x, 3C: 28x, 4C: 28x
 
Instruction Set:
64-bit x86 Extension (AMD64, Intel64)  Supported
AMD 3DNow!  Not Supported
AMD 3DNow! Professional  Not Supported
AMD 3DNowPrefetch  Supported
AMD Enhanced 3DNow!  Not Supported
AMD Extended MMX  Not Supported
AMD FMA4  Not Supported
AMD MisAligned SSE  Not Supported
AMD SSE4A  Not Supported
AMD XOP  Not Supported
Cyrix Extended MMX  Not Supported
Enhanced REP MOVSB/STOSB  Supported
Float-16 Conversion Instructions  Not Supported
IA-64  Not Supported
IA AES Extensions  Supported
IA AVX  Not Supported
IA AVX2  Not Supported
IA AVX-512 (AVX512F)  Not Supported
IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)  Not Supported
IA AVX-512 Byte and Word Instructions (AVX512BW)  Not Supported
IA AVX-512 Conflict Detection Instructions (AVX512CD)  Not Supported
IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)  Not Supported
IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)  Not Supported
IA AVX-512 Prefetch Instructions (AVX512PF)  Not Supported
IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)  Not Supported
IA AVX-512 Vector Length Extensions (AVX512VL)  Not Supported
IA BMI1  Not Supported
IA BMI2  Not Supported
IA FMA  Not Supported
IA MMX  Supported
IA SHA Extensions  Not Supported
IA SSE  Supported
IA SSE2  Supported
IA SSE3  Supported
IA Supplemental SSE3  Supported
IA SSE4.1  Supported
IA SSE4.2  Supported
VIA Alternate Instruction Set  Not Supported
ADCX / ADOX Instruction  Not Supported
CLFLUSH Instruction  Supported
CLFLUSHOPT Instruction  Not Supported
CLWB Instruction  Not Supported
CMPXCHG8B Instruction  Supported
CMPXCHG16B Instruction  Supported
Conditional Move Instruction  Supported
INVPCID Instruction  Not Supported
LAHF / SAHF Instruction  Supported
LZCNT Instruction  Not Supported
MONITOR / MWAIT Instruction  Supported
MONITORX / MWAITX Instruction  Not Supported
MOVBE Instruction  Supported
PCLMULQDQ Instruction  Supported
PCOMMIT Instruction  Not Supported
POPCNT Instruction  Supported
PREFETCHWT1 Instruction  Not Supported
RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction  Not Supported
RDRAND Instruction  Supported
RDSEED Instruction  Not Supported
RDTSCP Instruction  Supported
SKINIT / STGI Instruction  Not Supported
SYSCALL / SYSRET Instruction  Not Supported
SYSENTER / SYSEXIT Instruction  Supported
Trailing Bit Manipulation Instructions  Not Supported
VIA FEMMS Instruction  Not Supported
 
Security Features:
Advanced Cryptography Engine (ACE)  Not Supported
Advanced Cryptography Engine 2 (ACE2)  Not Supported
Data Execution Prevention (DEP, NX, EDB)  Supported
Hardware Random Number Generator (RNG)  Not Supported
Hardware Random Number Generator 2 (RNG2)  Not Supported
Memory Protection Extensions (MPX)  Not Supported
PadLock Hash Engine (PHE)  Not Supported
PadLock Hash Engine 2 (PHE2)  Not Supported
PadLock Montgomery Multiplier (PMM)  Not Supported
PadLock Montgomery Multiplier 2 (PMM2)  Not Supported
Processor Serial Number (PSN)  Not Supported
Safer Mode Extensions (SMX)  Not Supported
Software Guard Extensions (SGX)  Not Supported
Supervisor Mode Access Prevention (SMAP)  Not Supported
Supervisor Mode Execution Protection (SMEP)  Supported
 
Power Management Features:
Application Power Management (APM)  Not Supported
Automatic Clock Control  Supported
Core C6 State (CC6)  Not Supported
Digital Thermometer  Supported
Dynamic FSB Frequency Switching  Not Supported
Enhanced Halt State (C1E)  Supported, Disabled
Enhanced SpeedStep Technology (EIST, ESS)  Supported, Enabled
Frequency ID Control  Not Supported
Hardware P-State Control  Not Supported
Hardware Thermal Control (HTC)  Not Supported
LongRun  Not Supported
LongRun Table Interface  Not Supported
Overstress  Not Supported
Package C6 State (PC6)  Not Supported
Parallax  Not Supported
PowerSaver 1.0  Not Supported
PowerSaver 2.0  Not Supported
PowerSaver 3.0  Not Supported
Processor Duty Cycle Control  Supported
Software Thermal Control  Not Supported
Temperature Sensing Diode  Not Supported
Thermal Monitor 1  Supported
Thermal Monitor 2  Supported
Thermal Monitor 3  Not Supported
Thermal Monitoring  Not Supported
Thermal Trip  Not Supported
Voltage ID Control  Not Supported
 
Virtualization Features:
Extended Page Table (EPT)  Supported
Hypervisor  Not Present
INVEPT Instruction  Supported
INVVPID Instruction  Supported
Nested Paging (NPT, RVI)  Not Supported
Secure Virtual Machine (SVM, Pacifica)  Not Supported
Virtual Machine Extensions (VMX, Vanderpool)  Supported
Virtual Processor ID (VPID)  Supported
 
CPUID Features:
1 GB Page Size  Not Supported
36-bit Page Size Extension  Supported
64-bit DS Area  Supported
Adaptive Overclocking  Not Supported
Address Region Registers (ARR)  Not Supported
Configurable TDP (cTDP)  Not Supported
Core Performance Boost (CPB)  Not Supported
Core Performance Counters  Not Supported
CPL Qualified Debug Store  Supported
Data Breakpoint Extension  Not Supported
Debug Trace Store  Supported
Debugging Extension  Supported
Deprecated FPU CS and FPU DS  Supported
Direct Cache Access  Not Supported
Dynamic Acceleration Technology (IDA)  Not Supported
Dynamic Configurable TDP (DcTDP)  Not Supported
Extended APIC Register Space  Not Supported
Fast Save & Restore  Supported
Hardware Lock Elision (HLE)  Not Supported
Hybrid Boost  Not Supported
Hyper-Threading Technology (HTT)  Not Supported
Instruction Based Sampling  Not Supported
Invariant Time Stamp Counter  Supported
L1 Context ID  Not Supported
L2I Performance Counters  Not Supported
Lightweight Profiling  Not Supported
Local APIC On Chip  Supported
Machine Check Architecture (MCA)  Supported
Machine Check Exception (MCE)  Supported
Memory Configuration Registers (MCR)  Not Supported
Memory Type Range Registers (MTRR)  Supported
Model Specific Registers (MSR)  Supported
NB Performance Counters  Not Supported
Page Attribute Table (PAT)  Supported
Page Global Extension  Supported
Page Size Extension (PSE)  Supported
Pending Break Event (PBE)  Supported
Performance Time Stamp Counter (PTSC)  Not Supported
Physical Address Extension (PAE)  Supported
Platform Quality of Service Enforcement (PQE)  Not Supported
Platform Quality of Service Monitoring (PQM)  Not Supported
Process Context Identifiers (PCID)  Not Supported
Processor Feedback Interface  Not Supported
Processor Trace (PT)  Not Supported
Restricted Transactional Memory (RTM)  Not Supported
Self-Snoop  Supported
Time Stamp Counter (TSC)  Supported
Turbo Boost  Supported, Enabled
Virtual Mode Extension  Supported
Watchdog Timer  Not Supported
x2APIC  Not Supported
XGETBV / XSETBV OS Enabled  Not Supported
XSAVE / XRSTOR / XSETBV / XGETBV Extended States  Not Supported
XSAVEOPT  Not Supported
 
CPUID Registers (CPU #1):
CPUID 00000000  0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
CPUID 00000001  000406C3-00100800-43D8E3BF-BFEBFBFF
CPUID 00000002  61B4A001-0000FFC2-00000000-00000000
CPUID 00000003  00000000-00000000-00000000-00000000
CPUID 00000004  1C000121-0140003F-0000003F-00000001 [SL 00]
CPUID 00000004  1C000122-01C0003F-0000003F-00000001 [SL 01]
CPUID 00000004  1C00C143-03C0003F-000003FF-00000001 [SL 02]
CPUID 00000005  00000040-00000040-00000003-33000020
CPUID 00000006  00000007-00000002-00000009-00000000
CPUID 00000007  00000000-00002282-00000000-00000000
CPUID 00000008  00000000-00000000-00000000-00000000
CPUID 00000009  00000000-00000000-00000000-00000000
CPUID 0000000A  07280203-00000000-00000000-00000503
CPUID 0000000B  00000001-00000001-00000100-00000000 [SL 00]
CPUID 0000000B  00000004-00000004-00000201-00000000 [SL 01]
CPUID 80000000  80000008-00000000-00000000-00000000
CPUID 80000001  00000000-00000000-00000101-28100000
CPUID 80000002  20202020-6E492020-286C6574-41202952 [ Intel(R) A]
CPUID 80000003  286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
CPUID 80000004  50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
CPUID 80000005  00000000-00000000-00000000-00000000
CPUID 80000006  00000000-00000000-04008040-00000000
CPUID 80000007  00000000-00000000-00000000-00000100
CPUID 80000008  00003024-00000000-00000000-00000000
 
CPUID Registers (CPU #2):
CPUID 00000000  0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
CPUID 00000001  000406C3-02100800-43D8E3BF-BFEBFBFF
CPUID 00000002  61B4A001-0000FFC2-00000000-00000000
CPUID 00000003  00000000-00000000-00000000-00000000
CPUID 00000004  1C000121-0140003F-0000003F-00000001 [SL 00]
CPUID 00000004  1C000122-01C0003F-0000003F-00000001 [SL 01]
CPUID 00000004  1C00C143-03C0003F-000003FF-00000001 [SL 02]
CPUID 00000005  00000040-00000040-00000003-33000020
CPUID 00000006  00000007-00000002-00000009-00000000
CPUID 00000007  00000000-00002282-00000000-00000000
CPUID 00000008  00000000-00000000-00000000-00000000
CPUID 00000009  00000000-00000000-00000000-00000000
CPUID 0000000A  07280203-00000000-00000000-00000503
CPUID 0000000B  00000001-00000001-00000100-00000002 [SL 00]
CPUID 0000000B  00000004-00000004-00000201-00000002 [SL 01]
CPUID 80000000  80000008-00000000-00000000-00000000
CPUID 80000001  00000000-00000000-00000101-28100000
CPUID 80000002  20202020-6E492020-286C6574-41202952 [ Intel(R) A]
CPUID 80000003  286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
CPUID 80000004  50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
CPUID 80000005  00000000-00000000-00000000-00000000
CPUID 80000006  00000000-00000000-04008040-00000000
CPUID 80000007  00000000-00000000-00000000-00000100
CPUID 80000008  00003024-00000000-00000000-00000000
 
CPUID Registers (CPU #3):
CPUID 00000000  0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
CPUID 00000001  000406C3-04100800-43D8E3BF-BFEBFBFF
CPUID 00000002  61B4A001-0000FFC2-00000000-00000000
CPUID 00000003  00000000-00000000-00000000-00000000
CPUID 00000004  1C000121-0140003F-0000003F-00000001 [SL 00]
CPUID 00000004  1C000122-01C0003F-0000003F-00000001 [SL 01]
CPUID 00000004  1C00C143-03C0003F-000003FF-00000001 [SL 02]
CPUID 00000005  00000040-00000040-00000003-33000020
CPUID 00000006  00000007-00000002-00000009-00000000
CPUID 00000007  00000000-00002282-00000000-00000000
CPUID 00000008  00000000-00000000-00000000-00000000
CPUID 00000009  00000000-00000000-00000000-00000000
CPUID 0000000A  07280203-00000000-00000000-00000503
CPUID 0000000B  00000001-00000001-00000100-00000004 [SL 00]
CPUID 0000000B  00000004-00000004-00000201-00000004 [SL 01]
CPUID 80000000  80000008-00000000-00000000-00000000
CPUID 80000001  00000000-00000000-00000101-28100000
CPUID 80000002  20202020-6E492020-286C6574-41202952 [ Intel(R) A]
CPUID 80000003  286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
CPUID 80000004  50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
CPUID 80000005  00000000-00000000-00000000-00000000
CPUID 80000006  00000000-00000000-04008040-00000000
CPUID 80000007  00000000-00000000-00000000-00000100
CPUID 80000008  00003024-00000000-00000000-00000000
 
CPUID Registers (CPU #4):
CPUID 00000000  0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
CPUID 00000001  000406C3-06100800-43D8E3BF-BFEBFBFF
CPUID 00000002  61B4A001-0000FFC2-00000000-00000000
CPUID 00000003  00000000-00000000-00000000-00000000
CPUID 00000004  1C000121-0140003F-0000003F-00000001 [SL 00]
CPUID 00000004  1C000122-01C0003F-0000003F-00000001 [SL 01]
CPUID 00000004  1C00C143-03C0003F-000003FF-00000001 [SL 02]
CPUID 00000005  00000040-00000040-00000003-33000020
CPUID 00000006  00000007-00000002-00000009-00000000
CPUID 00000007  00000000-00002282-00000000-00000000
CPUID 00000008  00000000-00000000-00000000-00000000
CPUID 00000009  00000000-00000000-00000000-00000000
CPUID 0000000A  07280203-00000000-00000000-00000503
CPUID 0000000B  00000001-00000001-00000100-00000006 [SL 00]
CPUID 0000000B  00000004-00000004-00000201-00000006 [SL 01]
CPUID 80000000  80000008-00000000-00000000-00000000
CPUID 80000001  00000000-00000000-00000101-28100000
CPUID 80000002  20202020-6E492020-286C6574-41202952 [ Intel(R) A]
CPUID 80000003  286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
CPUID 80000004  50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
CPUID 80000005  00000000-00000000-00000000-00000000
CPUID 80000006  00000000-00000000-04008040-00000000
CPUID 80000007  00000000-00000000-00000000-00000100
CPUID 80000008  00003024-00000000-00000000-00000000
 
MSR Registers:
MSR 00000017  0000-00F0-9004-1C5A [PlatID = 0]
MSR 0000001B  0000-0000-FEE0-0900
MSR 0000002A  0000-0000-4008-0000
MSR 00000035  < FAILED >
MSR 0000008B  0000-034D-0000-0000
MSR 000000CD  0000-0000-0000-0004
MSR 000000CE  0000-0600-0600-1200 [eD = 0]
MSR 000000E7  0000-021A-C0ED-A2B6 [S200]
MSR 000000E7  0000-021A-C301-E830 [S200]
MSR 000000E7  0000-021A-C80A-523A
MSR 000000E8  0000-018E-75DF-14FE [S200]
MSR 000000E8  0000-018E-7709-86B1 [S200]
MSR 000000E8  0000-018E-7790-E84F
MSR 000000EE  0000-0000-0238-0002
MSR 0000011E  0000-0000-7E28-010F
MSR 00000194  0000-0000-0000-0000
MSR 00000198  0000-7C00-0000-062D
MSR 00000198  0000-7C00-0000-062D [S200]
MSR 00000198  0000-7C00-0000-062D [S200]
MSR 00000199  0000-0000-0000-062D
MSR 0000019A  0000-0000-0000-0000
MSR 0000019B  0000-0000-0000-0000
MSR 0000019C  0000-0000-8827-000A [S200]
MSR 0000019C  0000-0000-882A-000A
MSR 0000019C  0000-0000-882A-000A [S200]
MSR 0000019D  0000-0000-0000-062D
MSR 000001A0  0000-0000-0085-0089
MSR 000001A2  0000-0000-035A-0000
MSR 000001A4  < FAILED >
MSR 000001AA  < FAILED >
MSR 000001AC  < FAILED >
MSR 000001AD  0000-0000-0000-0000
MSR 000001B0  0000-0000-0000-0006
MSR 000001B1  < FAILED >
MSR 000001B2  < FAILED >
MSR 000001FC  0000-0000-0000-0000
MSR 00000300  < FAILED >
MSR 00000480  00DA-0400-0000-0002
MSR 00000481  0000-007F-0000-0016
MSR 00000482  FFF9-FFFE-0401-E172
MSR 00000483  007F-FFFF-0003-6DFF
MSR 00000484  0000-FFFF-0000-11FF
MSR 00000485  0000-0000-0004-81E6
MSR 00000486  0000-0000-8000-0021
MSR 00000487  0000-0000-FFFF-FFFF
MSR 00000488  0000-0000-0000-2000
MSR 00000489  0000-0000-0010-27FF
MSR 0000048A  0000-0000-0000-002E
MSR 0000048B  0000-28EF-0000-0000
MSR 0000048C  0000-0F01-0611-4141
MSR 0000048D  0000-007F-0000-0016
MSR 0000048E  FFF9-FFFE-0400-6172
MSR 0000048F  007F-FFFF-0003-6DFB
MSR 00000490  0000-FFFF-0000-11FB
MSR 00000601  0000-0000-0000-0000
MSR 00000602  < FAILED >
MSR 00000603  < FAILED >
MSR 00000604  < FAILED >
MSR 00000606  0000-0000-0000-0505
MSR 0000060A  < FAILED >
MSR 0000060B  < FAILED >
MSR 0000060C  < FAILED >
MSR 0000060D  0000-0000-0000-0000
MSR 00000610  0014-80FA-0002-809C
MSR 00000611  0000-0000-0A90-5D01 [S200]
MSR 00000611  0000-0000-0A90-6FFE [S200]
MSR 00000611  0000-0000-0A90-82E9
MSR 00000613  < FAILED >
MSR 00000614  < FAILED >
MSR 00000618  < FAILED >
MSR 00000619  < FAILED >
MSR 0000061B  < FAILED >
MSR 0000061C  < FAILED >
MSR 00000638  0000-0000-0000-0000
MSR 00000639  0000-0000-031F-F74E [S200]
MSR 00000639  0000-0000-031F-F844 [S200]
MSR 00000639  0000-0000-031F-FB5A
MSR 0000063A  < FAILED >
MSR 0000063B  < FAILED >
MSR 00000640  < FAILED >
MSR 00000641  < FAILED >
MSR 00000642  < FAILED >
MSR 00000660  0000-0147-6599-5A36
MSR 00000661  0000-0000-0000-0000
MSR 00000662  0000-0000-0000-0000
MSR 00000663  0000-0000-0000-0000
MSR 00000664  0000-01B6-8DEA-B268
MSR 00000665  0000-0000-0000-0000
MSR 00000666  0000-0000-0000-0000
MSR 00000667  0000-0000-0000-001F
MSR 00000668  0000-0000-1313-0F0B
MSR 00000669  0000-0000-0304-000C
MSR 0000066A  0000-0000-0012-0602
MSR 0000066B  0000-0000-003E-2D2D
MSR 0000066C  0000-0000-1C1C-1C1C
MSR 0000066D  0000-0000-5A5A-5A5A
MSR 0000066E  0000-0000-0000-0000
MSR 0000066F  0000-0000-0000-0000
MSR 00000670  0000-0000-0000-0002
MSR 00000671  0000-0000-0000-200B
MSR 00000672  0000-0000-0000-0000
MSR 00000673  0000-0000-0000-0305
MSR 00000674  0000-0000-0405-500D
MSR 00000675  0000-0000-0000-0027
MSR 00000676  0000-0000-0000-0000
MSR 00000677  0000-0000-0000-0000


Motherboard

 
Motherboard Properties:
Motherboard ID  <DMI>
Motherboard Name  ASUSTeK COMPUTER INC. T100HAN
 
Front Side Bus Properties:
Bus Type  BCLK
Real Clock  80 MHz
Effective Clock  80 MHz
 
Memory Bus Properties:
Bus Type  Dual DDR3 SDRAM
Bus Width  128-bit
DRAM:FSB Ratio  30:3
Real Clock  798 MHz (DDR)
Effective Clock  1595 MHz
Bandwidth  25520 MB/s
 
Motherboard Manufacturer:
Company Name  ASUSTeK Computer Inc.
Product Information  http://www.asus.com/Motherboards
BIOS Download  http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update  http://www.aida64.com/driver-updates
BIOS Upgrades  http://www.aida64.com/bios-updates


Memory

 
Physical Memory:
Total  1964 MB
Used  962 MB
Free  1001 MB
Utilization  49 %
 
Swap Space:
Total  3116 MB
Used  1476 MB
Free  1640 MB
Utilization  47 %
 
Virtual Memory:
Total  5080 MB
Used  2438 MB
Free  2642 MB
Utilization  48 %
 
Paging File:
Paging File  C:\pagefile.sys
Current Size  1152 MB
Current / Peak Usage  37 MB / 83 MB
Utilization  3 %
 
Physical Address Extension (PAE):
Supported by Operating System  Yes
Supported by CPU  Yes
Active  Yes


Chipset

 
[ North Bridge: Intel Cherry Trail IMC ]
 
North Bridge Properties:
North Bridge  Intel Cherry Trail IMC
Intel Platform  Cherry Trail
Supported Memory Types  DDR3-1600 SDRAM
Maximum Memory Amount  8 GB
Revision  20
Process Technology  14 nm
Debug Info  Reg00 = 008580A1h
Debug Info  Reg01/11 = 0390EA78h / 03006530h
Debug Info  Reg02/12 = 728F0903h / 29290301h
Debug Info  Reg03/13 = 30B58106h / 20938104h
Debug Info  Reg04/14 = 0630E505h / 06106305h
Debug Info  Reg05/15 = 34060400h / 23060400h
Debug Info  Reg08 = 00014D99h
Debug Info  Reg70 = 0000000Ah
Debug Info  RegP4-06 = 328F0010h / RegP4-B0 = 00000003h / RegP4-B1 = 00A0A6A5h / RegP4-D1 = 00000000h / RegP4-D3
 
Memory Controller:
Type  Dual Channel (128-bit)
Active Mode  Dual Channel (128-bit)
 
Memory Timings:
CAS Latency (CL)  12T
RAS To CAS Delay (tRCD)  15T
RAS Precharge (tRP)  20T
RAS Active Time (tRAS)  34T
Command Rate (CR)  1T
CAS To CAS Delay (tCCD)  4T
RAS To RAS Delay (tRRD)  8T
Write Recovery Time (tWR)  14T
Read To Read Delay (tRTR)  Different Rank: 8T
Read To Write Delay (tRTW)  Same Rank: 16T, Different Rank: 16T
Write To Read Delay (tWTR)  8T, Same Rank: 18T, Different Rank: 8T
Write To Write Delay (tWTW)  Different Rank: 5T
Read To Precharge Delay (tRTP)  7T
Write To Precharge Delay (tWTP)  24T
Four Activate Window Delay (tFAW)  40T
Write CAS Latency (tWCL)  6T
Refresh Period (tREF)  Disabled
Burst Length (BL)  8
 
Error Correction:
ECC  Not Supported
ChipKill ECC  Not Supported
RAID  Not Supported
ECC Scrubbing  Not Supported
 
Integrated Graphics Controller:
Graphics Controller Type  Intel HD Graphics
Graphics Controller Status  Enabled
 
Chipset Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/chipsets
BIOS Upgrades  http://www.aida64.com/bios-updates
Driver Update  http://www.aida64.com/driver-updates


BIOS

 
BIOS Properties:
BIOS Type  AMI
BIOS Version  T100HAN.204
System BIOS Date  07/14/2015
Video BIOS Date  Unknown
 
BIOS Manufacturer:
Company Name  American Megatrends Inc.
Product Information  http://www.ami.com/amibios
BIOS Upgrades  http://www.aida64.com/bios-updates


ACPI

 
[ APIC: Multiple APIC Description Table ]
 
ACPI Table Properties:
ACPI Signature  APIC
Table Description  Multiple APIC Description Table
Memory Address  7A733D90h
Table Length  132 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
Local APIC Address  FEE00000h
 
Processor Local APIC:
ACPI Processor ID  01h
APIC ID  00h
Status  Enabled
 
Local APIC NMI:
ACPI Processor ID  01h
Local ACPI LINT#  01h
Polarity  Active High
Trigger Mode  Edge-Triggered
 
Processor Local APIC:
ACPI Processor ID  02h
APIC ID  02h
Status  Enabled
 
Local APIC NMI:
ACPI Processor ID  02h
Local ACPI LINT#  01h
Polarity  Active High
Trigger Mode  Edge-Triggered
 
Processor Local APIC:
ACPI Processor ID  03h
APIC ID  04h
Status  Enabled
 
Local APIC NMI:
ACPI Processor ID  03h
Local ACPI LINT#  01h
Polarity  Active High
Trigger Mode  Edge-Triggered
 
Processor Local APIC:
ACPI Processor ID  04h
APIC ID  06h
Status  Enabled
 
Local APIC NMI:
ACPI Processor ID  04h
Local ACPI LINT#  01h
Polarity  Active High
Trigger Mode  Edge-Triggered
 
I/O APIC:
I/O APIC ID  01h
I/O APIC Address  FEC00000h
Global System Interrupt Base  00000000h
 
Interrupt Source Override:
Bus  ISA
Source  IRQ0
Global System Interrupt  00000002h
Polarity  Conforms to the specifications of the bus
Trigger Mode  Conforms to the specifications of the bus
 
Interrupt Source Override:
Bus  ISA
Source  IRQ9
Global System Interrupt  00000009h
Polarity  Active High
Trigger Mode  Level-Triggered
 
[ BCFG: Unknown ]
 
ACPI Table Properties:
ACPI Signature  BCFG
Table Description  Unknown
Memory Address  7A739890h
Table Length  313 bytes
OEM ID  INTEL
OEM Table ID  BATTCONF
OEM Revision  00000001h
Creator ID  INTL
Creator Revision  00000000h
 
[ BGRT: Boot Graphics Resource Table ]
 
ACPI Table Properties:
ACPI Signature  BGRT
Table Description  Boot Graphics Resource Table
Memory Address  7A739A00h
Table Length  56 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
 
[ CSRT: Core System Resource Table ]
 
ACPI Table Properties:
ACPI Signature  CSRT
Table Description  Core System Resource Table
Memory Address  7A739A38h
Table Length  332 bytes
OEM ID  INTEL
OEM Table ID  LANFORDC
OEM Revision  00000005h
Creator ID  MSFT
Creator Revision  0100000Dh
 
[ DSDT: Differentiated System Description Table ]
 
ACPI Table Properties:
ACPI Signature  DSDT
Table Description  Differentiated System Description Table
Memory Address  7A719230h
Table Length  109135 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  INTL
Creator Revision  20120913h
 
nVIDIA SLI:
SLI Certification  Not Present
PCI 0-0-0-0 (Direct I/O)  8086-2280 (Intel)
PCI 0-0-0-0 (HAL)  8086-2280 (Intel)
 
Lucid Virtu:
Virtu Certification  Not Present
 
[ FACP: Fixed ACPI Description Table ]
 
ACPI Table Properties:
ACPI Signature  FACP
Table Description  Fixed ACPI Description Table
Memory Address  7A7191A8h
Table Length  132 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
FACS Address  7ADC8F40h
DSDT Address  7A719230h
SMI Command Port  000000B2h
PM Timer  00000408h
 
[ FACP: Fixed ACPI Description Table ]
 
ACPI Table Properties:
ACPI Signature  FACP
Table Description  Fixed ACPI Description Table
Memory Address  00000000-7A733C80h
Table Length  268 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
FACS Address  7ADC8F80h / 00000000-00000000h
DSDT Address  7A719230h / 00000000-7A719230h
SMI Command Port  000000B2h
PM Timer  00000408h
 
[ FACS: Firmware ACPI Control Structure ]
 
ACPI Table Properties:
ACPI Signature  FACS
Table Description  Firmware ACPI Control Structure
Memory Address  7ADC8F40h
Table Length  64 bytes
Hardware Signature  C8B9708Fh
Waking Vector  00000000h
Global Lock  00000000h
 
[ FBPT: Firmware Basic Boot Performance Table ]
 
ACPI Table Properties:
ACPI Signature  FBPT
Table Description  Firmware Basic Boot Performance Table
Memory Address  00000000-7B735F50h
Table Length  56 bytes
 
[ FIDT: Firmware ID Table ]
 
ACPI Table Properties:
ACPI Signature  FIDT
Table Description  Firmware ID Table
Memory Address  7A733E60h
Table Length  156 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
 
[ FPDT: Firmware Performance Data Table ]
 
ACPI Table Properties:
ACPI Signature  FPDT
Table Description  Firmware Performance Data Table
Memory Address  7A733E18h
Table Length  68 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
FBPT Address  00000000-7B735F50h
S3PT Address  00000000-7B735F30h
 
[ HPET: IA-PC High Precision Event Timer Table ]
 
ACPI Table Properties:
ACPI Signature  HPET
Table Description  IA-PC High Precision Event Timer Table
Memory Address  7A738760h
Table Length  56 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI.
Creator Revision  00000005h
HPET Address  00000000-FED00000h
Vendor ID  8086h
Revision ID  01h
Number of Timers  3
Counter Size  64-bit
Minimum Clock Ticks  128
Page Protection  No Guarantee
OEM Attribute  0h
LegacyReplacement IRQ Routing  Supported
 
[ LPIT: Low-Power Idle Table ]
 
ACPI Table Properties:
ACPI Signature  LPIT
Table Description  Low-Power Idle Table
Memory Address  7A739788h
Table Length  260 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  00000005h
Creator ID  MSFT
Creator Revision  0100000Dh
 
[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]
 
ACPI Table Properties:
ACPI Signature  MCFG
Table Description  Memory Mapped Configuration Space Base Address Description Table
Memory Address  7A733F00h
Table Length  60 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  MSFT
Creator Revision  00000097h
Config Space Address  00000000-E0000000h
PCI Segment  0000h
Start Bus Number  00h
End Bus Number  FFh
 
[ MSDM: Microsoft Data Management Table ]
 
ACPI Table Properties:
ACPI Signature  MSDM
Table Description  Microsoft Data Management Table
Memory Address  7A529F18h
Table Length  85 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  00000000h
Creator ID  ASUS
Creator Revision  00000001h
SLS Version  1
SLS Data Type  1
SLS Data Length  29
SLS Data  FWN3K-734X4-3P42K-HB7RM-G29HP
 
[ PRAM: Unknown ]
 
ACPI Table Properties:
ACPI Signature  PRAM
Table Description  Unknown
Memory Address  7A7399D0h
Table Length  48 bytes
OEM Revision  00000001h
Creator Revision  00000000h
 
[ RSD PTR: Root System Description Pointer ]
 
ACPI Table Properties:
ACPI Signature  RSD PTR
Table Description  Root System Description Pointer
Memory Address  000F0000h
Table Length  36 bytes
OEM ID  _ASUS_
RSDP Revision  2 (ACPI 2.0+)
RSDT Address  7A719028h
XSDT Address  00000000-7A7190B8h
 
[ RSDT: Root System Description Table ]
 
ACPI Table Properties:
ACPI Signature  RSDT
Table Description  Root System Description Table
Memory Address  7A719028h
Table Length  136 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  MSFT
Creator Revision  00010013h
RSDT Entry #0  7A7191A8h (FACP)
RSDT Entry #1  7A733D90h (APIC)
RSDT Entry #2  7A733E18h (FPDT)
RSDT Entry #3  7A733E60h (FIDT)
RSDT Entry #4  7A733F00h (MCFG)
RSDT Entry #5  7A733F40h (SSDT)
RSDT Entry #6  7A738040h (SSDT)
RSDT Entry #7  7A7386C0h (SSDT)
RSDT Entry #8  7A738718h (UEFI)
RSDT Entry #9  7A738760h (HPET)
RSDT Entry #10  7A738798h (SSDT)
RSDT Entry #11  7A738F00h (SSDT)
RSDT Entry #12  7A739190h (SSDT)
RSDT Entry #13  7A739310h (SSDT)
RSDT Entry #14  7A739750h (TPM2)
RSDT Entry #15  7A739788h (LPIT)
RSDT Entry #16  7A739890h (BCFG)
RSDT Entry #17  7A7399D0h (PRAM)
RSDT Entry #18  7A739A00h (BGRT)
RSDT Entry #19  7A739A38h (CSRT)
RSDT Entry #20  7A739B88h (WDAT)
RSDT Entry #21  7A739C90h (SSDT)
RSDT Entry #22  7A73DD90h (SSDT)
RSDT Entry #23  7A73E410h (SSDT)
RSDT Entry #24  7A529F18h (MSDM)
 
[ S3PT: S3 Performance Table ]
 
ACPI Table Properties:
ACPI Signature  S3PT
Table Description  S3 Performance Table
Memory Address  00000000-7B735F30h
Table Length  32 bytes
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A733F40h
Table Length  16636 bytes
OEM ID  DptfTb
OEM Table ID  DptfTab
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A738040h
Table Length  1661 bytes
OEM ID  CpuDpf
OEM Table ID  CpuDptf
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A7386C0h
Table Length  88 bytes
OEM ID  LowPM
OEM Table ID  LowPwrM
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A738798h
Table Length  1891 bytes
OEM ID  PmRef
OEM Table ID  CpuPm
OEM Revision  00003000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A738F00h
Table Length  656 bytes
OEM ID  PmRef
OEM Table ID  Cpu0Tst
OEM Revision  00003000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A739190h
Table Length  378 bytes
OEM ID  PmRef
OEM Table ID  ApTst
OEM Revision  00003000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A739310h
Table Length  1082 bytes
OEM ID  Intel_
OEM Table ID  Tpm2Tabl
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A739C90h
Table Length  16636 bytes
OEM ID  DptfTb
OEM Table ID  DptfTab
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A73DD90h
Table Length  1661 bytes
OEM ID  CpuDpf
OEM Table ID  CpuDptf
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ SSDT: Secondary System Description Table ]
 
ACPI Table Properties:
ACPI Signature  SSDT
Table Description  Secondary System Description Table
Memory Address  7A73E410h
Table Length  88 bytes
OEM ID  LowPM
OEM Table ID  LowPwrM
OEM Revision  00001000h
Creator ID  INTL
Creator Revision  20120913h
 
[ TPM2: TPM 2.0 Hardware Interface Table ]
 
ACPI Table Properties:
ACPI Signature  TPM2
Table Description  TPM 2.0 Hardware Interface Table
Memory Address  7A739750h
Table Length  52 bytes
OEM Revision  00000000h
Creator Revision  00000000h
 
[ UEFI: UEFI ACPI Boot Optimization Table ]
 
ACPI Table Properties:
ACPI Signature  UEFI
Table Description  UEFI ACPI Boot Optimization Table
Memory Address  7A738718h
Table Length  66 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  00000000h
Creator Revision  00000000h
 
[ WDAT: Watchdog Action Table ]
 
ACPI Table Properties:
ACPI Signature  WDAT
Table Description  Watchdog Action Table
Memory Address  7A739B88h
Table Length  260 bytes
OEM Revision  00000000h
Creator Revision  00000000h
 
[ XSDT: Extended System Description Table ]
 
ACPI Table Properties:
ACPI Signature  XSDT
Table Description  Extended System Description Table
Memory Address  00000000-7A7190B8h
Table Length  236 bytes
OEM ID  _ASUS_
OEM Table ID  Notebook
OEM Revision  01072009h
Creator ID  AMI
Creator Revision  00010013h
XSDT Entry #0  00000000-7A733C80h (FACP)
XSDT Entry #1  00000000-7A733D90h (APIC)
XSDT Entry #2  00000000-7A733E18h (FPDT)
XSDT Entry #3  00000000-7A733E60h (FIDT)
XSDT Entry #4  00000000-7A733F00h (MCFG)
XSDT Entry #5  00000000-7A733F40h (SSDT)
XSDT Entry #6  00000000-7A738040h (SSDT)
XSDT Entry #7  00000000-7A7386C0h (SSDT)
XSDT Entry #8  00000000-7A738718h (UEFI)
XSDT Entry #9  00000000-7A738760h (HPET)
XSDT Entry #10  00000000-7A738798h (SSDT)
XSDT Entry #11  00000000-7A738F00h (SSDT)
XSDT Entry #12  00000000-7A739190h (SSDT)
XSDT Entry #13  00000000-7A739310h (SSDT)
XSDT Entry #14  00000000-7A739750h (TPM2)
XSDT Entry #15  00000000-7A739788h (LPIT)
XSDT Entry #16  00000000-7A739890h (BCFG)
XSDT Entry #17  00000000-7A7399D0h (PRAM)
XSDT Entry #18  00000000-7A739A00h (BGRT)
XSDT Entry #19  00000000-7A739A38h (CSRT)
XSDT Entry #20  00000000-7A739B88h (WDAT)
XSDT Entry #21  00000000-7A739C90h (SSDT)
XSDT Entry #22  00000000-7A73DD90h (SSDT)
XSDT Entry #23  00000000-7A73E410h (SSDT)
XSDT Entry #24  00000000-7A529F18h (MSDM)


Operating System

 
Operating System Properties:
OS Name  Microsoft Windows 10
OS Language  English (United States)
OS Installer Language  English (United States)
OS Kernel Type  Multiprocessor Free (64-bit)
OS Version  10.0.10240.16431 (Win10 RTM)
OS Service Pack  -
OS Installation Date  20/08/2015
OS Root  C:\Windows
 
License Information:
Registered Owner  galffycsaba@gmail.com
Registered Organization  Microsoft
Product ID  00325-80000-00000-AAOEM
Product Key  37GNV-YCQVD-38XP9-T848R-FC2HD
Product Activation (WPA)  Required
 
Current Session:
Computer Name  LAPTOP-5DNN8R19
User Name  galff
Logon Domain  LAPTOP-5DNN8R19
UpTime  4224 sec (0 days, 1 hours, 10 min, 24 sec)
 
Components Version:
Common Controls  6.16
Windows Mail  10.0.10240.16384 (th1.150709-1700)
Windows Media Player  12.0.10240.16384 (th1.150709-1700)
Windows Messenger  -
MSN Messenger  -
Internet Information Services (IIS)  -
.NET Framework  4.6.79.0 built by: NETFXREL2
Novell Client  -
DirectX  DirectX 12.0
OpenGL  10.0.10240.16384 (th1.150709-1700)
ASPI  -
 
Operating System Features:
Debug Version  No
DBCS Version  No
Domain Controller  No
Security Present  No
Network Present  Yes
Remote Session  No
Safe Mode  No
Slow Processor  No
Terminal Services  Yes


Processes

 
Process Name  Process File Name  Type  Used Memory  Used Swap
ACMON.exe  C:\Program Files (x86)\ASUS\Splendid\ACMON.exe  32-bit  296 KB  1 KB
aida64.exe  C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe  32-bit  37696 KB  66 KB
ApplicationFrameHost.exe  C:\Windows\system32\ApplicationFrameHost.exe  64-bit  11632 KB  5 KB
AsHidSrv.exe  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe  32-bit  516 KB  1 KB
AsLdrSrv.exe  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe  32-bit  456 KB  1 KB
AsPatchTouchPanel64.exe  C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe  64-bit  284 KB  1 KB
ASUSScreenAdjustService.exe  C:\Program Files\ASUS\ASUS T100HAN DisplayControl\ASUSScreenAdjustService.exe  32-bit  828 KB  7 KB
AsusTPCenter.exe  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe  64-bit  2964 KB  2 KB
AsusTPHelper.exe  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe  64-bit  1356 KB  1 KB
AsusTPLoader.exe  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe  64-bit  2320 KB  1 KB
ATKOSD2.exe  C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe  32-bit  560 KB  1 KB
audiodg.exe  C:\Windows\system32\AUDIODG.EXE  64-bit  25104 KB  19 KB
conhost.exe  C:\Windows\system32\conhost.exe  64-bit  172 KB  0 KB
ContinuumAdjust.exe  C:\Program Files\ASUS\ASUS T100HAN DisplayControl\ContinuumAdjust.exe  32-bit  3636 KB  12 KB
csrss.exe    64-bit  1388 KB  1 KB
csrss.exe    64-bit  1772 KB  1 KB
dasHost.exe  C:\Windows\system32\dashost.exe  32-bit  2216 KB  0 KB
dllhost.exe  C:\Windows\system32\DllHost.exe  32-bit  1992 KB  1 KB
DMedia.exe  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe  32-bit  504 KB  1 KB
DptfParticipantProcessorService.exe  C:\Windows\system32\DptfParticipantProcessorService.exe  64-bit  352 KB  0 KB
DptfPolicyCriticalService.exe  C:\Windows\system32\DptfPolicyCriticalService.exe  64-bit  344 KB  0 KB
DptfPolicyLpmService.exe  C:\Windows\system32\DptfPolicyLpmService.exe  64-bit  344 KB  0 KB
DptfPolicyLpmServiceHelper.exe  C:\Windows\System32\DptfPolicyLpmServiceHelper.exe  64-bit  196 KB  0 KB
dwm.exe  C:\Windows\system32\dwm.exe  64-bit  32156 KB  39 KB
explorer.exe  C:\Windows\Explorer.EXE  64-bit  45268 KB  39 KB
GFNEXSrv.exe  C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe  32-bit  360 KB  0 KB
HControl.exe  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe  32-bit  1840 KB  1 KB
igfxCUIService.exe  C:\Windows\system32\igfxCUIService.exe  64-bit  1468 KB  1 KB
igfxEM.exe  C:\Windows\system32\igfxEM.exe  64-bit  4864 KB  3 KB
igfxHK.exe  C:\Windows\system32\igfxHK.exe  64-bit  1512 KB  1 KB
igfxTray.exe  C:\Windows\system32\igfxTray.exe  64-bit  2124 KB  3 KB
isa.exe  C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe  32-bit  8268 KB  16 KB
isa.exe  C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe  32-bit  8404 KB  15 KB
jhi_service.exe  C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe  32-bit  460 KB  1 KB
LiveUpdate.exe  C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe  32-bit  11056 KB  61 KB
LockAppHost.exe  C:\Windows\System32\LockAppHost.exe  64-bit  21008 KB  3 KB
LogonDisplayControl.exe  C:\Program Files\ASUS\ASUS T100HAN DisplayControl\LogonDisplayControl.exe  64-bit  2324 KB  18 KB
lsass.exe  C:\Windows\system32\lsass.exe  64-bit  7264 KB  5 KB
MsMpEng.exe    64-bit  97 MB  112 KB
NetworkUXBroker.exe  C:\Windows\System32\NetworkUXBroker.exe  64-bit  6616 KB  4 KB
NisSrv.exe    64-bit  2324 KB  3 KB
OneDrive.exe  C:\Users\galff\AppData\Local\Microsoft\OneDrive\OneDrive.exe  32-bit  5448 KB  10 KB
PresentationFontCache.exe  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe  64-bit  944 KB  23 KB
RtkNGUI64.exe  C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe  64-bit  1508 KB  3 KB
RuntimeBroker.exe  C:\Windows\System32\RuntimeBroker.exe  64-bit  27960 KB  23 KB
SearchFilterHost.exe  C:\Windows\system32\SearchFilterHost.exe  64-bit  6976 KB  1 KB
SearchIndexer.exe  C:\Windows\system32\SearchIndexer.exe  64-bit  18736 KB  27 KB
SearchProtocolHost.exe  C:\Windows\system32\SearchProtocolHost.exe  64-bit  10616 KB  1 KB
SearchProtocolHost.exe  C:\Windows\system32\SearchProtocolHost.exe  64-bit  6712 KB  1 KB
SearchUI.exe  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe  64-bit  1464 KB  63 KB
services.exe    64-bit  3860 KB  2 KB
SettingSyncHost.exe  C:\Windows\system32\SettingSyncHost.exe  64-bit  4668 KB  11 KB
ShellExperienceHost.exe  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe  64-bit  1648 KB  28 KB
sihost.exe  C:\Windows\system32\sihost.exe  64-bit  15324 KB  4 KB
smss.exe    64-bit  216 KB  0 KB
splwow64.exe  C:\Windows\splwow64.exe  64-bit  6124 KB  1 KB
spoolsv.exe  C:\Windows\System32\spoolsv.exe  64-bit  4828 KB  5 KB
sppsvc.exe    64-bit  16596 KB  6 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  15480 KB  9 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  4800 KB  3 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  15476 KB  18 KB
svchost.exe  C:\Windows\System32\svchost.exe  64-bit  8760 KB  6 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  15668 KB  12 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  8128 KB  4 KB
svchost.exe  C:\Windows\System32\svchost.exe  64-bit  11316 KB  6 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  7244 KB  24 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  26440 KB  21 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  3504 KB  5 KB
svchost.exe  C:\Windows\System32\svchost.exe  64-bit  6092 KB  1 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  9844 KB  5 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  6412 KB  4 KB
svchost.exe  C:\Windows\system32\svchost.exe  64-bit  13016 KB  10 KB
System Idle Process      4 KB  0 KB
System    64-bit  35244 KB  0 KB
SystemSettingsBroker.exe  C:\Windows\System32\SystemSettingsBroker.exe  64-bit  4844 KB  3 KB
T100DisplayControl.exe  C:\Program Files\ASUS\ASUS T100HAN DisplayControl\T100DisplayControl.exe  64-bit  280 KB  1 KB
TabTip.exe  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe  64-bit  2432 KB  2 KB
TabTip32.exe  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe  32-bit  252 KB  1 KB
taskhostw.exe  C:\Windows\system32\taskhostw.exe  64-bit  11496 KB  10 KB
Taskmgr.exe  C:\Windows\system32\taskmgr.exe  64-bit  23416 KB  15 KB
wininit.exe    64-bit  104 KB  0 KB
winlogon.exe  C:\Windows\system32\winlogon.exe  64-bit  3244 KB  1 KB
wlanext.exe  C:\Windows\system32\WLANExt.exe  64-bit  1604 KB  1 KB
WmiPrvSE.exe  C:\Windows\system32\wbem\wmiprvse.exe  64-bit  7384 KB  1 KB
WmiPrvSE.exe  C:\Windows\system32\wbem\wmiprvse.exe  64-bit  8104 KB  2 KB
WmiPrvSE.exe  C:\Windows\sysWOW64\wbem\wmiprvse.exe  64-bit  8596 KB  3 KB
WUDFHost.exe  C:\Windows\System32\WUDFHost.exe  64-bit  4516 KB  37 KB


System Drivers

 
Driver Name  Driver Description  File Name  Version  Type  State
1394ohci  1394 OHCI Compliant Host Controller  1394ohci.sys  10.0.10240.16384  Kernel Driver  Stopped
3ware  3ware  3ware.sys  5.1.0.51  Kernel Driver  Stopped
ACPI  Microsoft ACPI Driver  ACPI.sys  10.0.10240.16397  Kernel Driver  Running
acpiex  Microsoft ACPIEx Driver  acpiex.sys  10.0.10240.16384  Kernel Driver  Running
acpipagr  ACPI Processor Aggregator Driver  acpipagr.sys  10.0.10240.16384  Kernel Driver  Running
AcpiPmi  ACPI Power Meter Driver  acpipmi.sys  10.0.10240.16384  Kernel Driver  Stopped
acpitime  ACPI Wake Alarm Driver  acpitime.sys  10.0.10240.16384  Kernel Driver  Stopped
ADP80XX  ADP80XX  ADP80XX.SYS  1.3.0.10769  Kernel Driver  Stopped
AFD  Ancillary Function Driver for Winsock  afd.sys  10.0.10240.16384  Kernel Driver  Running
agp440  Intel AGP Bus Filter  agp440.sys  10.0.10240.16384  Kernel Driver  Stopped
ahcache  Application Compatibility Cache  ahcache.sys  10.0.10240.16384  Kernel Driver  Running
AIDA64Driver  FinalWire AIDA64 Kernel Driver  kerneld.x64    Kernel Driver  Running
AmdK8  AMD K8 Processor Driver  amdk8.sys  10.0.10240.16384  Kernel Driver  Stopped
AmdPPM  AMD Processor Driver  amdppm.sys  10.0.10240.16384  Kernel Driver  Stopped
amdsata  amdsata  amdsata.sys  1.1.3.277  Kernel Driver  Stopped
amdsbs  amdsbs  amdsbs.sys  3.7.1540.43  Kernel Driver  Stopped
amdxata  amdxata  amdxata.sys  1.1.3.277  Kernel Driver  Stopped
AppID  AppID Driver  appid.sys  10.0.10240.16384  Kernel Driver  Stopped
arcsas  Adaptec SAS/SATA-II RAID Storport's Miniport Driver  arcsas.sys  7.5.0.32048  Kernel Driver  Stopped
ASMMAP64  ASMMAP64  ASMMAP64.sys  1.0.9.1  Kernel Driver  Running
AsusSGDrv  ASUS Touch Service  AsusSGDrv.sys  8.1.0.16  Kernel Driver  Running
AsyncMac  RAS Asynchronous Media Driver  asyncmac.sys  10.0.10240.16384  Kernel Driver  Stopped
atapi  IDE Channel  atapi.sys  10.0.10240.16384  Kernel Driver  Stopped
ATKWMIACPIIO  ATKWMIACPI Driver  atkwmiacpi64.sys  1.0.6.1  Kernel Driver  Running
b06bdrv  Broadcom NetXtreme II VBD  bxvbda.sys  7.4.14.0  Kernel Driver  Stopped
BasicDisplay  BasicDisplay  BasicDisplay.sys  10.0.10240.16384  Kernel Driver  Running
BasicRender  BasicRender  BasicRender.sys  10.0.10240.16384  Kernel Driver  Running
bcmfn2  bcmfn2 Service  bcmfn2.sys  6.3.9391.6  Kernel Driver  Running
BCMSDH43XX  Broadcom 802.11 SDIO Network Adapter Driver  bcmdhd63.sys  5.93.102.19  Kernel Driver  Running
Beep  Beep      Kernel Driver  Running
bowser  Browser Support Driver  bowser.sys  10.0.10240.16384  File System Driver  Running
BthAvrcpTg  Bluetooth Audio/Video Remote Control HID  BthAvrcpTg.sys  10.0.10240.16384  Kernel Driver  Stopped
BthEnum  Bluetooth Enumerator Service  BthEnum.sys  10.0.10240.16384  Kernel Driver  Running
BthHFEnum  Bluetooth Hands-Free Audio and Call Control HID Enumerator  bthhfenum.sys  10.0.10240.16412  Kernel Driver  Stopped
bthhfhid  Bluetooth Hands-Free Call Control HID  BthHFHid.sys  10.0.10240.16384  Kernel Driver  Stopped
BthLEEnum  Bluetooth Low Energy Driver  BthLEEnum.sys  10.0.10240.16384  Kernel Driver  Running
BthMini  Bluetooth Radio Driver  BTHMINI.sys  10.0.10240.16384  Kernel Driver  Running
BTHMODEM  Bluetooth Serial Communications Driver  bthmodem.sys  10.0.10240.16384  Kernel Driver  Stopped
BthPan  Bluetooth Device (Personal Area Network)  bthpan.sys  10.0.10240.16384  Kernel Driver  Running
BTHPORT  Bluetooth Port Driver  BTHport.sys  10.0.10240.16384  Kernel Driver  Stopped
btwampfl  btwampfl  btwampfl.sys  12.0.1.410  Kernel Driver  Stopped
BtwSerialBus  Broadcom Serial Bus Driver over UART Bus Enumerator  BtwSerialBus.sys  12.0.1.590  Kernel Driver  Running
buttonconverter  Service for Portable Device Control devices  buttonconverter.sys  10.0.10240.16384  Kernel Driver  Running
camera  Intel(R) AVStream Camera  iacamera64.sys  1.0.0.1  Kernel Driver  Running
CapImg  HID driver for CapImg touch screen  capimg.sys  10.0.10240.16384  Kernel Driver  Stopped
cdfs  CD/DVD File System Reader  cdfs.sys  10.0.10240.16384  File System Driver  Stopped
cdrom  CD-ROM Driver  cdrom.sys  10.0.10240.16384  Kernel Driver  Stopped
circlass  Consumer IR Devices  circlass.sys  10.0.10240.16384  Kernel Driver  Stopped
CLFS  Common Log (CLFS)  CLFS.sys  10.0.10240.16384  Kernel Driver  Running
CmBatt  Microsoft ACPI Control Method Battery Driver  CmBatt.sys  10.0.10240.16384  Kernel Driver  Running
CNG  CNG  cng.sys  10.0.10240.16392  Kernel Driver  Running
cnghwassist  CNG Hardware Assist algorithm provider  cnghwassist.sys  10.0.10240.16384  Kernel Driver  Stopped
CompositeBus  Composite Bus Enumerator Driver  CompositeBus.sys  6.2.10240.16384  Kernel Driver  Running
condrv  Console Driver  condrv.sys  10.0.10240.16384  Kernel Driver  Running
dam  Desktop Activity Moderator Driver  dam.sys  10.0.10240.16391  Kernel Driver  Running
Dfsc  DFS Namespace Client Driver  dfsc.sys  10.0.10240.16384  File System Driver  Running
disk  Disk Driver  disk.sys  10.0.10240.16384  Kernel Driver  Running
dmvsc  dmvsc  dmvsc.sys  10.0.10240.16384  Kernel Driver  Stopped
DptfDevAmbient  DptfDevAmbient  DptfDevAmbient.sys  604.10146.2651.1559  Kernel Driver  Stopped
DptfDevDBPT  DptfDevDBPT  DptfDevPower.sys  604.10146.2651.1559  Kernel Driver  Stopped
DptfDevDisplay  DptfDevDisplay  DptfDevDisplay.sys  604.10146.2651.1559  Kernel Driver  Running
DptfDevGen  DptfDevGen  DptfDevGen.sys  604.10146.2651.1559  Kernel Driver  Running
DptfDevProc  DptfDevProc  DptfDevProc.sys  604.10146.2651.1559  Kernel Driver  Running
DptfDevWireless  DptfDevWireless  DptfDevWireless.sys  604.10146.2651.1559  Kernel Driver  Stopped
DptfManager  DptfManager  DptfManager.sys  604.10146.2651.1559  Kernel Driver  Running
drmkaud  Microsoft Trusted Audio Drivers  drmkaud.sys  10.0.10240.16384  Kernel Driver  Stopped
DXGKrnl  LDDM Graphics Subsystem  dxgkrnl.sys  10.0.10240.16425  Kernel Driver  Running
ebdrv  QLogic 10 Gigabit Ethernet Adapter VBD  evbda.sys  7.12.2.3  Kernel Driver  Stopped
EhStorClass  Enhanced Storage Filter Driver  EhStorClass.sys  10.0.10240.16384  Kernel Driver  Running
EhStorTcgDrv  Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols  EhStorTcgDrv.sys  10.0.10240.16384  Kernel Driver  Stopped
ErrDev  Microsoft Hardware Error Device Driver  errdev.sys  10.0.10240.16384  Kernel Driver  Stopped
exfat  exFAT File System Driver      File System Driver  Stopped
fastfat  FAT12/16/32 File System Driver      File System Driver  Running
fcvsc  fcvsc  fcvsc.sys  10.0.10240.16384  Kernel Driver  Stopped
fdc  Floppy Disk Controller Driver  fdc.sys  10.0.10240.16384  Kernel Driver  Stopped
FileCrypt  FileCrypt  filecrypt.sys  10.0.10240.16384  File System Driver  Running
FileInfo  File Information FS MiniFilter  fileinfo.sys  10.0.10240.16384  File System Driver  Running
Filetrace  Filetrace  filetrace.sys  10.0.10240.16384  File System Driver  Stopped
flpydisk  Floppy Disk Driver  flpydisk.sys  10.0.10240.16384  Kernel Driver  Stopped
FltMgr  FltMgr  fltmgr.sys  10.0.10240.16384  File System Driver  Running
FsDepends  File System Dependency Minifilter  FsDepends.sys  10.0.10240.16384  File System Driver  Stopped
fvevol  BitLocker Drive Encryption Filter Driver  fvevol.sys  10.0.10240.16384  Kernel Driver  Running
gagp30kx  Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms  gagp30kx.sys  10.0.10240.16384  Kernel Driver  Stopped
gencounter  Microsoft Hyper-V Generation Counter  vmgencounter.sys  10.0.10240.16384  Kernel Driver  Stopped
genericusbfn  Generic USB Function Class  genericusbfn.sys  10.0.10240.16384  Kernel Driver  Stopped
GPIOClx0101  Microsoft GPIO Class Extension Driver  msgpioclx.sys  10.0.10240.16384  Kernel Driver  Running
GpuEnergyDrv  GPU Energy Driver  gpuenergydrv.sys  10.0.10240.16384  Kernel Driver  Running
HDAudBus  Microsoft UAA Bus Driver for High Definition Audio  HDAudBus.sys  10.0.10240.16384  Kernel Driver  Stopped
HID_PCI  HID PCI Minidriver for ISS  HID_PCI.sys  2.0.0.3012  Kernel Driver  Running
HidBatt  HID UPS Battery Driver  HidBatt.sys  10.0.10240.16384  Kernel Driver  Stopped
HidBth  Microsoft Bluetooth HID Miniport  hidbth.sys  10.0.10240.16384  Kernel Driver  Stopped
HidEventFilter  Intel(R) HID Event Filter  HidEventFilter.sys  604.10146.2708.64268  Kernel Driver  Running
hidi2c  Microsoft I2C HID Miniport Driver  hidi2c.sys  10.0.10240.16384  Kernel Driver  Running
hidinterrupt  Common Driver for HID Buttons implemented with interrupts  hidinterrupt.sys  10.0.10240.16384  Kernel Driver  Running
HidIr  Microsoft Infrared HID Driver  hidir.sys  10.0.10240.16384  Kernel Driver  Stopped
HidUsb  Microsoft HID Class Driver  hidusb.sys  10.0.10240.16384  Kernel Driver  Running
HpSAMD  HpSAMD  HpSAMD.sys  8.0.4.0  Kernel Driver  Stopped
HTTP  HTTP Service  HTTP.sys  10.0.10240.16384  Kernel Driver  Running
hwpolicy  Hardware Policy Driver  hwpolicy.sys  10.0.10240.16384  Kernel Driver  Stopped
hyperkbd  hyperkbd  hyperkbd.sys  10.0.10240.16384  Kernel Driver  Stopped
i8042prt  PS/2 Keyboard and Mouse Port Driver  i8042prt.sys  10.0.10240.16384  Kernel Driver  Stopped
iagpioe  Intel Serial IO GPIO Controller Driver  iagpioe.sys  604.10146.2652.361  Kernel Driver  Running
iai2ce  Intel(R) Serial IO I2C Host Controller  iai2ce.sys  604.10146.2654.2819  Kernel Driver  Running
iaisp  Intel(R) Imaging Signal Processor 2401  iaisp64.sys  1.0.0.1  Kernel Driver  Running
iaLPSSi_GPIO  Intel(R) Serial IO GPIO Controller Driver  iaLPSSi_GPIO.sys  1.1.250.0  Kernel Driver  Stopped
iaLPSSi_I2C  Intel(R) Serial IO I2C Controller Driver  iaLPSSi_I2C.sys  1.1.250.0  Kernel Driver  Stopped
iaspie  Intel(R) Serial IO SPI Controller Service  iaspie.sys  604.10146.2657.947  Kernel Driver  Running
iaStorAV  Intel(R) SATA RAID Controller Windows  iaStorAV.sys  13.2.0.1022  Kernel Driver  Stopped
iaStorV  Intel RAID Controller Windows 7  iaStorV.sys  8.6.2.1019  Kernel Driver  Stopped
iauarte  Intel(R) Serial IO UART Controller  iauarte.sys  604.10146.2653.391  Kernel Driver  Running
ibbus  Mellanox InfiniBand Bus/AL (Filter Driver)  ibbus.sys  4.91.10726.0  Kernel Driver  Stopped
igfxLP  igfxLP  igdkmd64lp.sys  10.18.15.4256  Kernel Driver  Running
intelide  intelide  intelide.sys  10.0.10240.16384  Kernel Driver  Stopped
intelpep  Intel(R) Power Engine Plug-in Driver  intelpep.sys  10.0.10240.16384  Kernel Driver  Running
intelppm  Intel Processor Driver  intelppm.sys  10.0.10240.16384  Kernel Driver  Running
IntelSST  Intel SST Audio Device (WDM)  isstrtc.sys  604.10135.6766.2749  Kernel Driver  Running
IoQos  IoQos  ioqos.sys  10.0.10240.16384  File System Driver  Stopped
IpFilterDriver  IP Traffic Filter Driver  ipfltdrv.sys  10.0.10240.16384  Kernel Driver  Stopped
IPMIDRV  IPMIDRV  IPMIDrv.sys  10.0.10240.16384  Kernel Driver  Stopped
IPNAT  IP Network Address Translator  ipnat.sys  10.0.10240.16384  Kernel Driver  Stopped
IRENUM  IR Bus Enumerator  irenum.sys  10.0.10240.16384  Kernel Driver  Stopped
isapnp  isapnp  isapnp.sys  10.0.10240.16384  Kernel Driver  Stopped
iScsiPrt  iScsiPort Driver  msiscsi.sys  10.0.10240.16384  Kernel Driver  Stopped
ISH_BusDriver   ISS Bus Enumerator  ISH_BusDriver.sys  2.0.0.3012  Kernel Driver  Running
ISH  Intel(R) Integrated Sensor Solution   ISH.sys  2.0.0.3012  Kernel Driver  Running
kbdclass  Keyboard Class Driver  kbdclass.sys  10.0.10240.16384  Kernel Driver  Running
kbdhid  Keyboard HID Driver  kbdhid.sys  10.0.10240.16384  Kernel Driver  Running
kdnic  Microsoft Kernel Debug Network Miniport (NDIS 6.20)  kdnic.sys  6.1.0.0  Kernel Driver  Running
KSecDD  KSecDD  ksecdd.sys  10.0.10240.16384  Kernel Driver  Running
KSecPkg  KSecPkg  ksecpkg.sys  10.0.10240.16384  Kernel Driver  Running
ksthunk  Kernel Streaming Thunks  ksthunk.sys  10.0.10240.16384  Kernel Driver  Running
lltdio  Link-Layer Topology Discovery Mapper I/O Driver  lltdio.sys  10.0.10240.16384  Kernel Driver  Running
LSI_SAS  LSI_SAS  lsi_sas.sys  1.34.3.83  Kernel Driver  Stopped
LSI_SAS2i  LSI_SAS2i  lsi_sas2i.sys  2.0.76.80  Kernel Driver  Stopped
LSI_SAS3i  LSI_SAS3i  lsi_sas3i.sys  2.50.96.80  Kernel Driver  Stopped
LSI_SSS  LSI_SSS  lsi_sss.sys  2.10.61.81  Kernel Driver  Stopped
luafv  UAC File Virtualization  luafv.sys  10.0.10240.16384  File System Driver  Running
MBI  Intel(R) Sideband Fabric Device Service  MBI.sys  604.10146.2655.573  Kernel Driver  Running
megasas  megasas  megasas.sys  6.706.6.0  Kernel Driver  Stopped
megasr  megasr  megasr.sys  15.2.2013.129  Kernel Driver  Stopped
mlx4_bus  Mellanox ConnectX Bus Enumerator  mlx4_bus.sys  4.91.10726.0  Kernel Driver  Stopped
MMCSS  Multimedia Class Scheduler  mmcss.sys  10.0.10240.16384  Kernel Driver  Running
Modem  Modem  modem.sys  10.0.10240.16384  Kernel Driver  Stopped
monitor  Microsoft Monitor Class Function Driver Service  monitor.sys  10.0.10240.16384  Kernel Driver  Running
mouclass  Mouse Class Driver  mouclass.sys  10.0.10240.16384  Kernel Driver  Running
mouhid  Mouse HID Driver  mouhid.sys  10.0.10240.16384  Kernel Driver  Running
mountmgr  Mount Point Manager  mountmgr.sys  10.0.10240.16426  Kernel Driver  Running
mpsdrv  Windows Firewall Authorization Driver  mpsdrv.sys  10.0.10240.16384  Kernel Driver  Running
MRxDAV  WebDav Client Redirector Driver  mrxdav.sys  10.0.10240.16384  File System Driver  Stopped
mrxsmb  SMB MiniRedirector Wrapper and Engine  mrxsmb.sys  10.0.10240.16384  File System Driver  Running
mrxsmb10  SMB 1.x MiniRedirector  mrxsmb10.sys  10.0.10240.16384  File System Driver  Running
mrxsmb20  SMB 2.0 MiniRedirector  mrxsmb20.sys  10.0.10240.16384  File System Driver  Running
MsBridge  Microsoft MAC Bridge  bridge.sys  10.0.10240.16384  Kernel Driver  Stopped
Msfs  Msfs      File System Driver  Running
msgpiowin32  Common Driver for Buttons, DockMode and Laptop/Slate Indicator  msgpiowin32.sys  10.0.10240.16425  Kernel Driver  Running
mshidkmdf  Pass-through HID to KMDF Filter Driver  mshidkmdf.sys  10.0.10240.16384  Kernel Driver  Running
mshidumdf  Pass-through HID to UMDF Driver  mshidumdf.sys  10.0.10240.16384  Kernel Driver  Stopped
msisadrv  msisadrv  msisadrv.sys  10.0.10240.16384  Kernel Driver  Running
MSKSSRV  Microsoft Streaming Service Proxy  MSKSSRV.sys  10.0.10240.16384  Kernel Driver  Stopped
MsLldp  Microsoft Link-Layer Discovery Protocol  mslldp.sys  10.0.10240.16384  Kernel Driver  Running
MSPCLOCK  Microsoft Streaming Clock Proxy  MSPCLOCK.sys  10.0.10240.16384  Kernel Driver  Stopped
MSPQM  Microsoft Streaming Quality Manager Proxy  MSPQM.sys  10.0.10240.16384  Kernel Driver  Stopped
MsRPC  MsRPC      Kernel Driver  Stopped
mssmbios  Microsoft System Management BIOS Driver  mssmbios.sys  10.0.10240.16384  Kernel Driver  Running
MSTEE  Microsoft Streaming Tee/Sink-to-Sink Converter  MSTEE.sys  10.0.10240.16384  Kernel Driver  Stopped
MTConfig  Microsoft Input Configuration Driver  MTConfig.sys  10.0.10240.16384  Kernel Driver  Stopped
Mup  Mup  mup.sys  10.0.10240.16384  File System Driver  Running
mvumis  mvumis  mvumis.sys  1.0.5.1016  Kernel Driver  Stopped
NativeWifiP  NativeWiFi Filter  nwifi.sys  10.0.10240.16384  Kernel Driver  Running
ndfltr  NetworkDirect Service  ndfltr.sys  4.91.10726.0  Kernel Driver  Stopped
NDIS  NDIS System Driver  ndis.sys  10.0.10240.16394  Kernel Driver  Running
NdisCap  Microsoft NDIS Capture  ndiscap.sys  10.0.10240.16384  Kernel Driver  Stopped
NdisImPlatform  Microsoft Network Adapter Multiplexor Protocol  NdisImPlatform.sys  10.0.10240.16384  Kernel Driver  Stopped
NdisTapi  Remote Access NDIS TAPI Driver  ndistapi.sys  10.0.10240.16384  Kernel Driver  Stopped
Ndisuio  NDIS Usermode I/O Protocol  ndisuio.sys  10.0.10240.16384  Kernel Driver  Running
NdisVirtualBus  Microsoft Virtual Network Adapter Enumerator  NdisVirtualBus.sys  10.0.10240.16384  Kernel Driver  Running
NdisWan  Remote Access NDIS WAN Driver  ndiswan.sys  10.0.10240.16384  Kernel Driver  Stopped
ndiswanlegacy  Remote Access LEGACY NDIS WAN Driver  ndiswan.sys  10.0.10240.16384  Kernel Driver  Stopped
ndproxy  @%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy  NDProxy.sys  10.0.10240.16384  Kernel Driver  Stopped
Ndu  Windows Network Data Usage Monitoring Driver  Ndu.sys  10.0.10240.16384  Kernel Driver  Running
NetBIOS  NetBIOS Interface  netbios.sys  10.0.10240.16384  File System Driver  Running
NetBT  NetBT  netbt.sys  10.0.10240.16384  Kernel Driver  Running
Npfs  Npfs      File System Driver  Running
npsvctrig  Named pipe service trigger provider  npsvctrig.sys  10.0.10240.16384  Kernel Driver  Running
nsiproxy  NSI Proxy Service Driver  nsiproxy.sys  10.0.10240.16384  Kernel Driver  Running
NTFS  NTFS      File System Driver  Running
Null  Null      Kernel Driver  Running
nv_agp  NVIDIA nForce AGP Bus Filter  nv_agp.sys  10.0.10240.16384  Kernel Driver  Stopped
nvraid  nvraid  nvraid.sys  10.6.0.23  Kernel Driver  Stopped
nvstor  nvstor  nvstor.sys  10.6.0.23  Kernel Driver  Stopped
ov5670  Camera Sensor ov5670  ov5670.sys  10.0.10011.0  Kernel Driver  Running
Parport  Parallel port driver  parport.sys  10.0.10240.16384  Kernel Driver  Stopped
partmgr  Partition Manager  partmgr.sys  10.0.10240.16384  Kernel Driver  Running
pci  PCI Bus Driver  pci.sys  10.0.10240.16390  Kernel Driver  Running
pciide  pciide  pciide.sys  10.0.10240.16384  Kernel Driver  Stopped
pcmcia  pcmcia  pcmcia.sys  10.0.10240.16384  Kernel Driver  Stopped
pcw  Performance Counters for Windows Driver  pcw.sys  10.0.10240.16384  Kernel Driver  Running
pdc  pdc  pdc.sys  10.0.10240.16384  Kernel Driver  Running
PEAUTH  PEAUTH  peauth.sys  10.0.10240.16384  Kernel Driver  Running
percsas2i  percsas2i  percsas2i.sys  6.803.21.0  Kernel Driver  Stopped
percsas3i  percsas3i  percsas3i.sys  6.602.12.0  Kernel Driver  Stopped
PMIC  Intel(R) Power Management IC Device Service  PMIC.sys  604.10146.2656.541  Kernel Driver  Running
PptpMiniport  WAN Miniport (PPTP)  raspptp.sys  10.0.10240.16384  Kernel Driver  Stopped
Processor  Processor Driver  processr.sys  10.0.10240.16384  Kernel Driver  Stopped
Psched  QoS Packet Scheduler  pacer.sys  10.0.10240.16384  Kernel Driver  Running
QWAVEdrv  QWAVE driver  qwavedrv.sys  10.0.10240.16384  Kernel Driver  Stopped
RasAcd  Remote Access Auto Connection Driver  rasacd.sys  10.0.10240.16384  Kernel Driver  Stopped
RasAgileVpn  WAN Miniport (IKEv2)  AgileVpn.sys  10.0.10240.16384  Kernel Driver  Stopped
Rasl2tp  WAN Miniport (L2TP)  rasl2tp.sys  10.0.10240.16384  Kernel Driver  Stopped
RasPppoe  Remote Access PPPOE Driver  raspppoe.sys  10.0.10240.16384  Kernel Driver  Stopped
RasSstp  WAN Miniport (SSTP)  rassstp.sys  10.0.10240.16384  Kernel Driver  Stopped
rdbss  Redirected Buffering Sub System  rdbss.sys  10.0.10240.16384  File System Driver  Running
rdpbus  Remote Desktop Device Redirector Bus Driver  rdpbus.sys  10.0.10240.16384  Kernel Driver  Running
RDPDR  Remote Desktop Device Redirector Driver  rdpdr.sys  10.0.10240.16384  Kernel Driver  Stopped
RdpVideoMiniport  Remote Desktop Video Miniport Driver  rdpvideominiport.sys  10.0.10240.16384  Kernel Driver  Stopped
rdyboost  ReadyBoost  rdyboost.sys  10.0.10240.16428  Kernel Driver  Running
ReFSv1  ReFSv1      File System Driver  Stopped
RFCOMM  Bluetooth Device (RFCOMM Protocol TDI)  rfcomm.sys  10.0.10240.16384  Kernel Driver  Running
rspndr  Link-Layer Topology Discovery Responder  rspndr.sys  10.0.10240.16384  Kernel Driver  Running
rtii2sac64  Realtek I2S Audio Codec Device Driver  rtii2sac.sys  6.4.10147.4290  Kernel Driver  Running
s3cap  s3cap  vms3cap.sys  10.0.10240.16384  Kernel Driver  Stopped
sbp2port  SBP-2 Transport/Protocol Bus Driver  sbp2port.sys  10.0.10240.16384  Kernel Driver  Stopped
scfilter  Smart card PnP Class Filter Driver  scfilter.sys  10.0.10240.16384  Kernel Driver  Stopped
sdbus  sdbus  sdbus.sys  10.0.10240.16384  Kernel Driver  Running
sdstor  SD Storage Port Driver  sdstor.sys  10.0.10240.16384  Kernel Driver  Running
SensorsHIDClassDriver  UMDF Reflector service for Sensors HID Class Driver  WUDFRd.sys  10.0.10240.16384  Kernel Driver  Running
SerCx  Serial UART Support Library  SerCx.sys  10.0.10240.16384  Kernel Driver  Stopped
SerCx2  Serial UART Support Library  SerCx2.sys  10.0.10240.16384  Kernel Driver  Running
Serenum  Serenum Filter Driver  serenum.sys  10.0.10240.16384  Kernel Driver  Running
Serial  Serial port driver  serial.sys  10.0.10240.16384  Kernel Driver  Running
sermouse  Serial Mouse Driver  sermouse.sys  10.0.10240.16384  Kernel Driver  Stopped
sfloppy  High-Capacity Floppy Disk Drive  sfloppy.sys  10.0.10240.16384  Kernel Driver  Stopped
SiSRaid2  SiSRaid2  SiSRaid2.sys  5.1.1039.2600  Kernel Driver  Stopped
SiSRaid4  SiSRaid4  sisraid4.sys  5.1.1039.3600  Kernel Driver  Stopped
spaceport  Storage Spaces Driver  spaceport.sys  10.0.10240.16384  Kernel Driver  Running
SpbCx  Simple Peripheral Bus Support Library  SpbCx.sys  10.0.10240.16384  Kernel Driver  Running
srv  Server SMB 1.xxx Driver  srv.sys  10.0.10240.16384  File System Driver  Running
srv2  Server SMB 2.xxx Driver  srv2.sys  10.0.10240.16384  File System Driver  Running
srvnet  srvnet  srvnet.sys  10.0.10240.16384  File System Driver  Running
stexstor  stexstor  stexstor.sys  5.1.0.10  Kernel Driver  Stopped
storahci  Microsoft Standard SATA AHCI Driver  storahci.sys  10.0.10240.16384  Kernel Driver  Stopped
storflt  Microsoft Hyper-V Storage Accelerator  vmstorfl.sys  10.0.10240.16384  Kernel Driver  Stopped
stornvme  Microsoft Standard NVM Express Driver  stornvme.sys  10.0.10240.16431  Kernel Driver  Stopped
storqosflt  Storage QoS Filter Driver  storqosflt.sys  10.0.10240.16384  File System Driver  Running
storufs  Microsoft Universal Flash Storage (UFS) Driver  storufs.sys  10.0.10240.16384  Kernel Driver  Stopped
storvsc  storvsc  storvsc.sys  10.0.10240.16384  Kernel Driver  Stopped
swenum  Software Bus Driver  swenum.sys  6.2.10240.16384  Kernel Driver  Running
Synth3dVsc  Synth3dVsc  Synth3dVsc.sys  10.0.10240.16384  Kernel Driver  Stopped
Tcpip  TCP/IP Protocol Driver  tcpip.sys  10.0.10240.16384  Kernel Driver  Running
Tcpip6  @todo.dll,-100;Microsoft IPv6 Protocol Driver  tcpip.sys  10.0.10240.16384  Kernel Driver  Stopped
tcpipreg  TCP/IP Registry Compatibility  tcpipreg.sys  10.0.10240.16384  Kernel Driver  Running
tdx  NetIO Legacy TDI Support Driver  tdx.sys  10.0.10240.16384  Kernel Driver  Running
terminpt  Microsoft Remote Desktop Input Driver  terminpt.sys  10.0.10240.16384  Kernel Driver  Stopped
TPM  TPM  tpm.sys  10.0.10240.16384  Kernel Driver  Running
TsUsbFlt  Remote Desktop USB Hub Class Filter Driver  TsUsbFlt.sys  10.0.10240.16384  Kernel Driver  Stopped
TsUsbGD  Remote Desktop Generic USB Device  TsUsbGD.sys  10.0.10240.16384  Kernel Driver  Stopped
tunnel  Microsoft Tunnel Miniport Adapter Driver  tunnel.sys  10.0.10240.16412  Kernel Driver  Running
TXEIx64  Intel(R) Trusted Execution Engine Interface   TXEIx64.sys  2.0.0.1067  Kernel Driver  Running
uagp35  Microsoft AGPv3.5 Filter  uagp35.sys  10.0.10240.16384  Kernel Driver  Stopped
UASPStor  USB Attached SCSI (UAS) Driver  uaspstor.sys  10.0.10240.16384  Kernel Driver  Stopped
UcmCx0101  USB Connector Manager KMDF Class Extension  UcmCx.sys  10.0.10240.16384  Kernel Driver  Stopped
UcmUcsi  USB Connector Manager UCSI Client  UcmUcsi.sys  10.0.10240.16389  Kernel Driver  Stopped
Ucx01000  USB Host Support Library  ucx01000.sys  10.0.10240.16384  Kernel Driver  Running
UdeCx  USB Device Emulation Support Library  udecx.sys    Kernel Driver  Stopped
udfs  udfs  udfs.sys  10.0.10240.16384  File System Driver  Stopped
UEFI  Microsoft UEFI Driver  UEFI.sys  10.0.10240.16384  Kernel Driver  Running
Ufx01000  USB Function Class Extension  ufx01000.sys  10.0.10240.16384  Kernel Driver  Stopped
UfxChipidea  USB Chipidea Controller  UfxChipidea.sys  10.0.10240.16384  Kernel Driver  Stopped
ufxsynopsys  USB Synopsys Controller  ufxsynopsys.sys  10.0.10240.16384  Kernel Driver  Stopped
uliagpkx  Uli AGP Bus Filter  uliagpkx.sys  10.0.10240.16384  Kernel Driver  Stopped
umbus  UMBus Enumerator Driver  umbus.sys  10.0.10240.16384  Kernel Driver  Running
UmPass  Microsoft UMPass Driver  umpass.sys  10.0.10240.16384  Kernel Driver  Stopped
unicam  Camera Sensor UNICAM  hm2051.sys  1.0.0.1  Kernel Driver  Running
UrsChipidea  Chipidea USB Role-Switch Driver  urschipidea.sys  10.0.10240.16384  Kernel Driver  Stopped
UrsCx01000  USB Role-Switch Support Library  urscx01000.sys  10.0.10240.16384  Kernel Driver  Stopped
UrsSynopsys  Synopsys USB Role-Switch Driver  urssynopsys.sys  10.0.10240.16384  Kernel Driver  Stopped
usbccgp  Microsoft USB Generic Parent Driver  usbccgp.sys  10.0.10240.16384  Kernel Driver  Running
usbcir  eHome Infrared Receiver (USBCIR)  usbcir.sys  10.0.10240.16384  Kernel Driver  Stopped
usbehci  Microsoft USB 2.0 Enhanced Host Controller Miniport Driver  usbehci.sys  10.0.10240.16384  Kernel Driver  Stopped
usbhub  Microsoft USB Standard Hub Driver  usbhub.sys  10.0.10240.16401  Kernel Driver  Stopped
USBHUB3  SuperSpeed Hub  UsbHub3.sys  10.0.10240.16425  Kernel Driver  Running
usbohci  Microsoft USB Open Host Controller Miniport Driver  usbohci.sys  10.0.10240.16384  Kernel Driver  Stopped
usbprint  Microsoft USB PRINTER Class  usbprint.sys  10.0.10240.16384  Kernel Driver  Stopped
usbser  Microsoft USB Serial Driver  usbser.sys  10.0.10240.16401  Kernel Driver  Stopped
USBSTOR  USB Mass Storage Driver  USBSTOR.SYS  10.0.10240.16384  Kernel Driver  Stopped
usbuhci  Microsoft USB Universal Host Controller Miniport Driver  usbuhci.sys  10.0.10240.16384  Kernel Driver  Stopped
USBXHCI  USB xHCI Compliant Host Controller  USBXHCI.SYS  10.0.10240.16384  Kernel Driver  Running
vdrvroot  Microsoft Virtual Drive Enumerator  vdrvroot.sys  10.0.10240.16384  Kernel Driver  Running
VerifierExt  VerifierExt  VerifierExt.sys  10.0.10240.16384  Kernel Driver  Stopped
vhdmp  vhdmp  vhdmp.sys  10.0.10240.16384  Kernel Driver  Stopped
vhf  Virtual HID Framework (VHF) Driver  vhf.sys  10.0.10240.16384  Kernel Driver  Stopped
vmbus  Virtual Machine Bus  vmbus.sys  10.0.10240.16384  Kernel Driver  Stopped
VMBusHID  VMBusHID  VMBusHID.sys  10.0.10240.16384  Kernel Driver  Stopped
volmgr  Volume Manager Driver  volmgr.sys  10.0.10240.16384  Kernel Driver  Running
volmgrx  Dynamic Volume Manager  volmgrx.sys  10.0.10240.16384  Kernel Driver  Running
volsnap  Storage volumes  volsnap.sys  10.0.10240.16384  Kernel Driver  Running
vpci  Microsoft Hyper-V Virtual PCI Bus  vpci.sys  10.0.10240.16384  Kernel Driver  Stopped
vsmraid  vsmraid  vsmraid.sys  7.0.9600.6352  Kernel Driver  Stopped
VSTXRAID  VIA StorX Storage RAID Controller Windows Driver  vstxraid.sys  8.0.9200.8110  Kernel Driver  Stopped
vwifibus  Virtual WiFi Bus Driver  vwifibus.sys  10.0.10240.16384  Kernel Driver  Running
vwififlt  Virtual WiFi Filter Driver  vwififlt.sys  10.0.10240.16384  Kernel Driver  Running
vwifimp  Virtual WiFi Miniport Service  vwifimp.sys  10.0.10240.16384  Kernel Driver  Running
WacomPen  Wacom Serial Pen HID Driver  wacompen.sys  10.0.10240.16384  Kernel Driver  Stopped
wanarp  Remote Access IP ARP Driver  wanarp.sys  10.0.10240.16384  Kernel Driver  Stopped
wanarpv6  Remote Access IPv6 ARP Driver  wanarp.sys  10.0.10240.16384  Kernel Driver  Stopped
WdBoot  Windows Defender Boot Driver  WdBoot.sys  4.8.10240.16384  Kernel Driver  Stopped
Wdf01000  Kernel Mode Driver Frameworks service  Wdf01000.sys  1.15.10240.16384  Kernel Driver  Running
WdFilter  Windows Defender Mini-Filter Driver  WdFilter.sys  4.8.10240.16384  File System Driver  Running
wdiwifi  WDI Driver Framework  wdiwifi.sys  10.0.10240.16428  Kernel Driver  Stopped
WdNisDrv  Windows Defender Network Inspection System Driver  WdNisDrv.sys  4.8.10240.16384  Kernel Driver  Running
wfpcapture  Microsoft WFP Message Capture  wfpcapture.sys    Kernel Driver  Stopped
WFPLWFS  Microsoft Windows Filtering Platform  wfplwfs.sys  10.0.10240.16384  Kernel Driver  Running
WIMMount  WIMMount  wimmount.sys  10.0.10240.16384  File System Driver  Stopped
WindowsTrustedRT  Windows Trusted Execution Environment Class Extension  WindowsTrustedRT.sys  10.0.10240.16384  Kernel Driver  Running
WindowsTrustedRTProxy  Microsoft Windows Trusted Runtime Secure Service  WindowsTrustedRTProxy.sys  10.0.10240.16384  Kernel Driver  Running
WinMad  WinMad Service  winmad.sys  4.91.10726.0  Kernel Driver  Stopped
WINUSB  WinUsb Driver  WinUSB.SYS  10.0.10240.16384  Kernel Driver  Stopped
WinVerbs  WinVerbs Service  winverbs.sys  4.91.10726.0  Kernel Driver  Stopped
WmiAcpi  Microsoft Windows Management Interface for ACPI  wmiacpi.sys  10.0.10240.16384  Kernel Driver  Running
Wof  Windows Overlay File System Filter Driver      File System Driver  Running
wpcfltr  Family Safety Filter Driver  wpcfltr.sys  10.0.10240.16425  Kernel Driver  Stopped
WpdUpFltr  WPD Upper Class Filter Driver  WpdUpFltr.sys  10.0.10240.16384  Kernel Driver  Stopped
ws2ifsl  Winsock IFS Driver  ws2ifsl.sys  10.0.10240.16384  Kernel Driver  Stopped
WudfPf  User Mode Driver Frameworks Platform Driver  WudfPf.sys  10.0.10240.16384  Kernel Driver  Running
WUDFRd  Windows Driver Foundation - User-mode Driver Framework Reflector  WUDFRd.sys  10.0.10240.16384  Kernel Driver  Running
xboxgip  Xbox Game Input Protocol Driver  xboxgip.sys  10.0.10240.16384  Kernel Driver  Stopped
xinputhid  XINPUT HID Filter Driver  xinputhid.sys  10.0.10240.16384  Kernel Driver  Stopped


Services

 
Service Name  Service Description  File Name  Version  Type  State  Account
AJRouter  AllJoyn Router Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
ALG  Application Layer Gateway Service  alg.exe  10.0.10240.16384  Own Process  Stopped  NT AUTHORITY\LocalService
AppIDSvc  Application Identity  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\LocalService
Appinfo  Application Information  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
AppReadiness  App Readiness  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
AppXSvc  AppX Deployment Service (AppXSVC)  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
AsHidService  ASUS HID Access Service  AsHidSrv.exe  1.0.87.1  Own Process  Running  LocalSystem
ASLDRService  ASLDR Service  AsLdrSrv.exe  1.0.87.2  Own Process  Running  LocalSystem
ASUSScreenAdjustService  ASUSScreenAdjustService  ASUSScreenAdjustService.exe  1.0.15.7081  Own Process  Running  LocalSystem
ATKGFNEXSrv  ATKGFNEX Service  GFNEXSrv.exe  1.0.12.2  Own Process  Running  LocalSystem
AudioEndpointBuilder  Windows Audio Endpoint Builder  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
Audiosrv  Windows Audio  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
AxInstSV  ActiveX Installer (AxInstSV)  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
BcmBtRSupport  Bluetooth Driver Management Service  BtwRSupportService.exe  12.0.0.8048  Own Process  Stopped  LocalSystem
BDESVC  BitLocker Drive Encryption Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
BFE  Base Filtering Engine  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
BITS  Background Intelligent Transfer Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
BrokerInfrastructure  Background Tasks Infrastructure Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
Browser  Computer Browser  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
BthHFSrv  Bluetooth Handsfree Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
bthserv  Bluetooth Support Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
CDPSvc  CDPSvc  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
CertPropSvc  Certificate Propagation  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
ClipSVC  Client License Service (ClipSVC)  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
COMSysApp  COM+ System Application  dllhost.exe  6.2.10240.16384  Own Process  Stopped  LocalSystem
CoreMessagingRegistrar  CoreMessaging  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
cphs  Intel(R) Content Protection HECI Service  IntelCpHeciSvc.exe  9.0.31.9000  Own Process  Stopped  LocalSystem
CryptSvc  Cryptographic Services  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\NetworkService
DcomLaunch  DCOM Server Process Launcher  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
DcpSvc  DataCollectionPublishingService  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
defragsvc  Optimize drives  svchost.exe  6.2.10240.16384  Own Process  Stopped  localSystem
DeviceAssociationService  Device Association Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
DeviceInstall  Device Install Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
DevQueryBroker  DevQuery Background Discovery Broker  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
Dhcp  DHCP Client  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\LocalService
diagnosticshub.standardcollector.service  Microsoft (R) Diagnostics Hub Standard Collector Service  DiagnosticsHub.StandardCollector.Service.exe  11.0.10240.16384  Own Process  Stopped  LocalSystem
DiagTrack  Diagnostics Tracking Service  svchost.exe  6.2.10240.16384  Own Process  Running  LocalSystem
DmEnrollmentSvc  Device Management Enrollment Service  svchost.exe  6.2.10240.16384  Own Process  Stopped  LocalSystem
dmwappushservice  dmwappushsvc  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
Dnscache  DNS Client  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\NetworkService
DoSvc  Delivery Optimization  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
dot3svc  Wired AutoConfig  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
DPS  Diagnostic Policy Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
DptfParticipantProcessorService  Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application  DptfParticipantProcessorService.exe  604.10146.2651.1559  Own Process  Running  LocalSystem
DptfParticipantWirelessService  Intel(R) Dynamic Platform & Thermal Framework Wireless Participant Service Application  DptfParticipantWirelessService.exe  604.10146.2651.1559  Own Process  Stopped  LocalSystem
DptfPolicyCriticalService  Intel(R) Dynamic Platform & Thermal Framework Critical Service Application  DptfPolicyCriticalService.exe  604.10146.2651.1559  Own Process  Running  LocalSystem
DptfPolicyLpmService  Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application  DptfPolicyLpmService.exe  604.10146.2651.1559  Own Process  Running  LocalSystem
DsmSvc  Device Setup Manager  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
DsSvc  Data Sharing Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
Eaphost  Extensible Authentication Protocol  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
EFS  Encrypting File System (EFS)  lsass.exe  10.0.10240.16384  Share Process  Stopped  LocalSystem
embeddedmode  embeddedmode  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
EntAppSvc  Enterprise App Management Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
EventLog  Windows Event Log  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
EventSystem  COM+ Event System  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
Fax  Fax  fxssvc.exe  10.0.10240.16384  Own Process  Stopped  NT AUTHORITY\NetworkService
fdPHost  Function Discovery Provider Host  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
FDResPub  Function Discovery Resource Publication  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
fhsvc  File History Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
FontCache  Windows Font Cache Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
FontCache3.0.0.0  Windows Presentation Foundation Font Cache 3.0.0.0  PresentationFontCache.exe  3.0.6920.8674  Own Process  Running  NT Authority\LocalService
gpsvc  Group Policy Client  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
hidserv  Human Interface Device Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
HomeGroupListener  HomeGroup Listener  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
HomeGroupProvider  HomeGroup Provider  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
icssvc  Windows Mobile Hotspot Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\LocalService
IEEtwCollectorService  Internet Explorer ETW Collector Service  IEEtwCollector.exe  11.0.10240.16384  Own Process  Stopped  LocalSystem
igfxCUIService2.0.0.0  Intel(R) HD Graphics Control Panel Service  igfxCUIService.exe  6.15.10.4256  Own Process  Running  LocalSystem
IKEEXT  IKE and AuthIP IPsec Keying Modules  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
Intel(R) Capability Licensing Service TCP IP Interface  Intel(R) Capability Licensing Service TCP IP Interface  SocketHeciServer.exe  1.42.17.0  Own Process  Stopped  LocalSystem
Intel(R) Security Assist  Intel(R) Security Assist  isa.exe  1.0.0.523  Own Process  Running  LocalSystem
iphlpsvc  IP Helper  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
isaHelperSvc  Intel(R) Security Assist Helper  isaHelperService.exe    Own Process  Stopped  LocalSystem
jhi_service  Intel(R) Dynamic Application Loader Host Interface  jhi_service.exe  2.0.0.1062  Own Process  Running  LocalSystem
KeyIso  CNG Key Isolation  lsass.exe  10.0.10240.16384  Share Process  Running  LocalSystem
KtmRm  KtmRm for Distributed Transaction Coordinator  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\NetworkService
LanmanServer  Server  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
LanmanWorkstation  Workstation  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\NetworkService
lfsvc  Geolocation Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
LicenseManager  Windows License Manager Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\LocalService
lltdsvc  Link-Layer Topology Discovery Mapper  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
lmhosts  TCP/IP NetBIOS Helper  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
LSM  Local Session Manager  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
MapsBroker  Downloaded Maps Manager  svchost.exe  6.2.10240.16384  Own Process  Stopped  NT AUTHORITY\NetworkService
MpsSvc  Windows Firewall  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\LocalService
MSDTC  Distributed Transaction Coordinator  msdtc.exe  2001.12.10941.16384  Own Process  Stopped  NT AUTHORITY\NetworkService
MSiSCSI  Microsoft iSCSI Initiator Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
msiserver  Windows Installer  msiexec.exe  5.0.10240.16386  Own Process  Stopped  LocalSystem
NcaSvc  Network Connectivity Assistant  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
NcbService  Network Connection Broker  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
NcdAutoSetup  Network Connected Devices Auto-Setup  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
Netlogon  Netlogon  lsass.exe  10.0.10240.16384  Share Process  Stopped  LocalSystem
Netman  Network Connections  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
netprofm  Network List Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
NetSetupSvc  Network Setup Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
NetTcpPortSharing  Net.Tcp Port Sharing Service  SMSvcHost.exe  4.6.79.0  Share Process  Stopped  NT AUTHORITY\LocalService
NgcCtnrSvc  Microsoft Passport Container  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
NgcSvc  Microsoft Passport  lsass.exe  10.0.10240.16384  Share Process  Stopped  LocalSystem
NlaSvc  Network Location Awareness  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\NetworkService
nsi  Network Store Interface Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\LocalService
p2pimsvc  Peer Networking Identity Manager  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
p2psvc  Peer Networking Grouping  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
PcaSvc  Program Compatibility Assistant Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
PerfHost  Performance Counter DLL Host  perfhost.exe  6.2.10240.16384  Own Process  Stopped  NT AUTHORITY\LocalService
pla  Performance Logs & Alerts  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
PlugPlay  Plug and Play  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
PNRPAutoReg  PNRP Machine Name Publication Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
PNRPsvc  Peer Name Resolution Protocol  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
PolicyAgent  IPsec Policy Agent  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\NetworkService
Power  Power  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
PrintNotify  Printer Extensions and Notifications  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
ProfSvc  User Profile Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
QWAVE  Quality Windows Audio Video Experience  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
RasAuto  Remote Access Auto Connection Manager  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
RasMan  Remote Access Connection Manager  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
RemoteAccess  Routing and Remote Access  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
RemoteRegistry  Remote Registry  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
RetailDemo  Retail Demo Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
RpcEptMapper  RPC Endpoint Mapper  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\NetworkService
RpcLocator  Remote Procedure Call (RPC) Locator  locator.exe  10.0.10240.16384  Own Process  Stopped  NT AUTHORITY\NetworkService
RpcSs  Remote Procedure Call (RPC)  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\NetworkService
SamSs  Security Accounts Manager  lsass.exe  10.0.10240.16384  Share Process  Running  LocalSystem
SCardSvr  Smart Card  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
ScDeviceEnum  Smart Card Device Enumeration Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
Schedule  Task Scheduler  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
SCPolicySvc  Smart Card Removal Policy  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
SDRSVC  Windows Backup  svchost.exe  6.2.10240.16384  Own Process  Stopped  localSystem
seclogon  Secondary Logon  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
SENS  System Event Notification Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
SensorDataService  Sensor Data Service  SensorDataService.exe  10.0.10240.16387  Own Process  Stopped  LocalSystem
SensorService  Sensor Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
SensrSvc  Sensor Monitoring Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
SessionEnv  Remote Desktop Configuration  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
SharedAccess  Internet Connection Sharing (ICS)  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
ShellHWDetection  Shell Hardware Detection  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
smphost  Microsoft Storage Spaces SMP  svchost.exe  6.2.10240.16384  Own Process  Stopped  NT AUTHORITY\NetworkService
SmsRouter  Microsoft Windows SMS Router Service.  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
SNMPTRAP  SNMP Trap  snmptrap.exe  10.0.10240.16384  Own Process  Stopped  NT AUTHORITY\LocalService
Spooler  Print Spooler  spoolsv.exe  10.0.10240.16384  Own Process  Running  LocalSystem
sppsvc  Software Protection  sppsvc.exe  10.0.10240.16384  Own Process  Running  NT AUTHORITY\NetworkService
SSDPSRV  SSDP Discovery  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
SstpSvc  Secure Socket Tunneling Protocol Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\LocalService
StateRepository  State Repository Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
stisvc  Windows Image Acquisition (WIA)  svchost.exe  6.2.10240.16384  Own Process  Stopped  NT Authority\LocalService
StorSvc  Storage Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
svsvc  Spot Verifier  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
swprv  Microsoft Software Shadow Copy Provider  svchost.exe  6.2.10240.16384  Own Process  Running  LocalSystem
SysMain  Superfetch  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
SystemEventsBroker  System Events Broker  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
TabletInputService  Touch Keyboard and Handwriting Panel Service  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
TapiSrv  Telephony  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\NetworkService
TermService  Remote Desktop Services  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\NetworkService
Themes  Themes  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
tiledatamodelsvc  Tile Data model server  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
TimeBroker  Time Broker  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
TrkWks  Distributed Link Tracking Client  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
TrustedInstaller  Windows Modules Installer  TrustedInstaller.exe  6.2.10240.16384  Own Process  Stopped  localSystem
UI0Detect  Interactive Services Detection  UI0Detect.exe  10.0.10240.16384  Own Process  Stopped  LocalSystem
UmRdpService  Remote Desktop Services UserMode Port Redirector  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
upnphost  UPnP Device Host  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
UserManager  User Manager  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
UsoSvc  Update Orchestrator Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
VaultSvc  Credential Manager  lsass.exe  10.0.10240.16384  Share Process  Running  LocalSystem
vds  Virtual Disk  vds.exe  10.0.10240.16384  Own Process  Stopped  LocalSystem
vmicguestinterface  Hyper-V Guest Service Interface  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmicheartbeat  Hyper-V Heartbeat Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmickvpexchange  Hyper-V Data Exchange Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmicrdv  Hyper-V Remote Desktop Virtualization Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmicshutdown  Hyper-V Guest Shutdown Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmictimesync  Hyper-V Time Synchronization Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
vmicvmsession  Hyper-V VM Session Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
vmicvss  Hyper-V Volume Shadow Copy Requestor  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
VSS  Volume Shadow Copy  vssvc.exe  10.0.10240.16384  Own Process  Stopped  LocalSystem
W32Time  Windows Time  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
WalletService  WalletService  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
wbengine  Block Level Backup Engine Service  wbengine.exe  10.0.10240.16384  Own Process  Stopped  localSystem
WbioSrvc  Windows Biometric Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
Wcmsvc  Windows Connection Manager  svchost.exe  6.2.10240.16384  Share Process  Running  NT Authority\LocalService
wcncsvc  Windows Connect Now - Config Registrar  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
WcsPlugInService  Windows Color System  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
WdiServiceHost  Diagnostic Service Host  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
WdiSystemHost  Diagnostic System Host  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
WdNisSvc  Windows Defender Network Inspection Service  NisSrv.exe    Own Process  Running  NT AUTHORITY\LocalService
WebClient  WebClient  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
Wecsvc  Windows Event Collector  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\NetworkService
WEPHOSTSVC  Windows Encryption Provider Host Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
wercplsupport  Problem Reports and Solutions Control Panel Support  svchost.exe  6.2.10240.16384  Share Process  Stopped  localSystem
WerSvc  Windows Error Reporting Service  svchost.exe  6.2.10240.16384  Own Process  Stopped  localSystem
WiaRpc  Still Image Acquisition Events  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
WinDefend  Windows Defender Service  MsMpEng.exe    Own Process  Running  LocalSystem
WinHttpAutoProxySvc  WinHTTP Web Proxy Auto-Discovery Service  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
Winmgmt  Windows Management Instrumentation  svchost.exe  6.2.10240.16384  Share Process  Running  localSystem
WinRM  Windows Remote Management (WS-Management)  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\NetworkService
WlanSvc  WLAN AutoConfig  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
wlidsvc  Microsoft Account Sign-in Assistant  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
wmiApSrv  WMI Performance Adapter  WmiApSrv.exe  10.0.10240.16384  Own Process  Stopped  localSystem
WMPNetworkSvc  Windows Media Player Network Sharing Service  wmpnetwk.exe    Own Process  Stopped  NT AUTHORITY\NetworkService
workfolderssvc  Work Folders  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT AUTHORITY\LocalService
WPDBusEnum  Portable Device Enumerator Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
WpnService  Windows Push Notifications Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
wscsvc  Security Center  svchost.exe  6.2.10240.16384  Share Process  Running  NT AUTHORITY\LocalService
WSearch  Windows Search  SearchIndexer.exe  7.0.10240.16392  Own Process  Running  LocalSystem
WSService  Windows Store Service (WSService)  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
wuauserv  Windows Update  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
wudfsvc  Windows Driver Foundation - User-mode Driver Framework  svchost.exe  6.2.10240.16384  Share Process  Running  LocalSystem
WwanSvc  WWAN AutoConfig  svchost.exe  6.2.10240.16384  Share Process  Stopped  NT Authority\LocalService
XblAuthManager  Xbox Live Auth Manager  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
XblGameSave  Xbox Live Game Save  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem
XboxNetApiSvc  Xbox Live Networking Service  svchost.exe  6.2.10240.16384  Share Process  Stopped  LocalSystem


AX Files

 
AX File  Version  Description
bdaplgin.ax  6.2.10240.16384  Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax  6.2.10240.16384  Intel G711 CODEC
iac25_32.ax  2.0.5.53  Indeo® audio software
ir41_32.ax  6.2.10240.16384  IR41_32 WRAPPER DLL
ivfsrc.ax  5.10.2.51  Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax  6.2.10240.16384  WDM Streaming ActiveMovie Proxy
kstvtune.ax  6.2.10240.16384  WDM Streaming TvTuner
kswdmcap.ax  6.2.10240.16384  WDM Streaming Video Capture
ksxbar.ax  6.2.10240.16384  WDM Streaming Crossbar
mpeg2data.ax  6.2.10240.16384  Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax  6.2.10240.16384  DirectShow MPEG-2 Splitter.
msdvbnp.ax  6.2.10240.16384  Microsoft Network Provider for MPEG2 based networks.
msnp.ax  6.2.10240.16384  Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax  6.2.10240.16384  Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax  6.2.10240.16384  Microsoft VBI Codec
vbisurf.ax  6.2.10240.16384  VBI Surface Allocator Filter
vidcap.ax  6.2.10240.16384  Video Capture Interface Server
wstpager.ax  6.2.10240.16384  Microsoft Teletext Server


DLL Files

 
DLL File  Version  Description
abovelockapphost.dll  6.2.10240.16384  AboveLockAppHost
accessibilitycpl.dll  6.2.10240.16384  Ease of access control panel
accountscontrolinternal.dll  6.2.10240.16384  Accounts Control Broker Objects
acctres.dll  6.2.10240.16384  Microsoft Internet Account Manager Resources
acledit.dll  6.2.10240.16384  Access Control List Editor
aclui.dll  6.2.10240.16384  Security Descriptor Editor
acppage.dll  6.2.10240.16384  Compatibility Tab Shell Extension Library
actioncenter.dll  6.2.10240.16427  Security and Maintenance
actioncentercpl.dll  6.2.10240.16384  Security and Maintenance Control Panel
activationclient.dll  6.2.10240.16384  Activation Client
activeds.dll  6.2.10240.16384  ADs Router Layer DLL
actxprxy.dll  6.2.10240.16390  ActiveX Interface Marshaling Library
addressparser.dll  6.2.10240.16384  ADDRESSPARSER
adprovider.dll  6.2.10240.16384  adprovider DLL
adsldp.dll  6.2.10240.16384  ADs LDAP Provider DLL
adsldpc.dll  6.2.10240.16384  ADs LDAP Provider C DLL
adsmsext.dll  6.2.10240.16384  ADs LDAP Provider DLL
adsnt.dll  6.2.10240.16384  ADs Windows NT Provider DLL
adtschema.dll  6.2.10240.16384  Security Audit Schema DLL
advapi32.dll  6.2.10240.16384  Advanced Windows 32 Base API
advapi32res.dll  6.2.10240.16384  Advanced Windows 32 Base API
advpack.dll  11.0.10240.16384  ADVPACK
aeevts.dll  6.2.10240.16384  Application Experience Event Resources
amsi.dll  4.8.10240.16384  Anti-Malware Scan Interface
amstream.dll  6.2.10240.16384  DirectShow Runtime.
apds.dll  6.2.10240.16384  Microsoft® Help Data Services Module
appcapture.dll  6.2.10240.16384  Windows Runtime AppCapture DLL
appcontracts.dll  6.2.10240.16387  Windows AppContracts API Server
apphelp.dll  6.2.10240.16384  Application Compatibility Client Library
apphlpdm.dll  6.2.10240.16384  Application Compatibility Help Module
appidapi.dll  6.2.10240.16384  Application Identity APIs Dll
applockercsp.dll  6.2.10240.16384  AppLockerCSP
appointmentactivation.dll  6.2.10240.16384  DLL for AppointmentActivation
appointmentapis.dll  6.2.10240.16384  DLL for CalendarRT
apprepapi.dll  6.2.10240.16384  Application Reputation APIs Dll
apprepsync.dll  6.2.10240.16384  AppRepSync Task
appxalluserstore.dll  6.2.10240.16389  AppX All User Store DLL
appxapplicabilityengine.dll  6.2.10240.16384  AppX Applicability Engine
appxdeploymentclient.dll  6.2.10240.16445  AppX Deployment Client DLL
appxpackaging.dll  6.2.10240.16384  Native Code Appx Packaging Library
appxsip.dll  6.2.10240.16384  Appx Subject Interface Package
asferror.dll  12.0.10240.16384  ASF Error Definitions
aspnet_counters.dll  4.6.79.0  Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll  6.2.10240.16384  
atl.dll  3.5.2284.0  ATL Module for Windows XP (Unicode)
atl100.dll  10.0.40219.1  ATL Module for Windows
atlthunk.dll  6.2.10240.16384  atlthunk.dll
atmfd.dll  5.1.2.243  Windows NT OpenType/Type 1 Font Driver
atmlib.dll  5.1.2.243  Windows NT OpenType/Type 1 API Library.
audiodev.dll  6.2.10240.16384  Portable Media Devices Shell Extension
audioeng.dll  6.2.10240.16412  Audio Engine
audiokse.dll  6.2.10240.16384  Audio Ks Endpoint
audioses.dll  6.2.10240.16412  Audio Session
authbroker.dll  6.2.10240.16384  Web Authentication WinRT API
authbrokerui.dll  6.2.10240.16384  AuthBroker UI
authext.dll  6.2.10240.16384  Authentication Extensions
authfwcfg.dll  6.2.10240.16384  Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll  6.2.10240.16384  Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll  6.2.10240.16384  Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll  6.2.10240.16384  Wizard Framework
authui.dll  6.2.10240.16384  Windows Authentication UI
authz.dll  6.2.10240.16384  Authorization Framework
autoplay.dll  6.2.10240.16384  AutoPlay Control Panel
avicap32.dll  6.2.10240.16384  AVI Capture window class
avifil32.dll  6.2.10240.16384  Microsoft AVI File support library
avrt.dll  6.2.10240.16384  Multimedia Realtime Runtime
azroles.dll  6.2.10240.16384  azroles Module
azroleui.dll  6.2.10240.16384  Authorization Manager
azsqlext.dll  6.2.10240.16384  AzMan Sql Audit Extended Stored Procedures Dll
azuresettingsyncprovider.dll  6.2.10240.16384  Azure Setting Sync Provider
backgroundmediapolicy.dll  6.2.10240.16384  <d> Background Media Policy DLL
basecsp.dll  6.2.10240.16384  Microsoft Base Smart Card Crypto Provider
batmeter.dll  6.2.10240.16384  Battery Meter Helper DLL
bcastdvr.proxy.dll  6.2.10240.16384  Broadcast DVR Proxy
bcd.dll  6.2.10240.16393  BCD DLL
bcp47langs.dll  6.2.10240.16384  BCP47 Language Classes
bcrypt.dll  6.2.10240.16384  Windows Cryptographic Primitives Library
bcryptprimitives.dll  6.2.10240.16384  Windows Cryptographic Primitives Library
bidispl.dll  6.2.10240.16384  Bidispl DLL
bingmaps.dll  6.2.10240.16392  Bing Map Control
bingonlineservices.dll  6.2.10240.16384  Bing online services
biocredprov.dll  6.2.10240.16384  WinBio Credential Provider
bitsperf.dll  7.8.10240.16384  Perfmon Counter Access
bitsproxy.dll  7.8.10240.16384  Background Intelligent Transfer Service Proxy
biwinrt.dll  6.2.10240.16384  Windows Background Broker Infrastructure
blackbox.dll  11.0.10240.16384  BlackBox DLL
bluetoothapis.dll  6.2.10240.16384  Bluetooth Usermode Api host
bootvid.dll  6.2.10240.16384  VGA Boot Driver
browcli.dll  6.2.10240.16384  Browser Service Client DLL
browsersettingsync.dll  6.2.10240.16384  Browser Setting Synchronization
browseui.dll  6.2.10240.16384  Shell Browser UI Library
btpanui.dll  6.2.10240.16384  Bluetooth PAN User Interface
bwcontexthandler.dll  1.0.0.1  ContextH Application
c_g18030.dll  6.2.10240.16384  GB18030 DBCS-Unicode Conversion DLL
c_gsm7.dll  6.2.10240.16384  GSM 7bit Code Page Translation DLL for SMS
c_is2022.dll  6.2.10240.16384  ISO-2022 Code Page Translation DLL
c_iscii.dll  6.2.10240.16384  ISCII Code Page Translation DLL
cabinet.dll  6.2.10240.16384  Microsoft® Cabinet File API
cabview.dll  6.2.10240.16384  Cabinet File Viewer Shell Extension
callbuttons.dll  6.2.10240.16384  Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll  6.2.10240.16384  Windows Runtime CallButtonsServer ProxyStub DLL
callhistoryclient.dll  6.2.10240.16384  Client DLL for accessing CallHistory information
cameracaptureui.dll  6.2.10240.16384  Microsoft® Windows® Operating System
capiprovider.dll  6.2.10240.16384  capiprovider DLL
capisp.dll  6.2.10240.16384  Sysprep cleanup dll for CAPI
catsrv.dll  2001.12.10941.16384  COM+ Configuration Catalog Server
catsrvps.dll  2001.12.10941.16384  COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll  2001.12.10941.16384  COM+ Configuration Catalog Server Utilities
cca.dll  6.2.10240.16384  CCA DirectShow Filter.
cdosys.dll  6.6.10240.16384  Microsoft CDO for Windows Library
cdp.dll  6.2.10240.16384  Microsoft (R) CDP Client API
cemapi.dll  6.2.10240.16384  CEMAPI
certca.dll  6.2.10240.16384  Microsoft® Active Directory Certificate Services CA
certcli.dll  6.2.10240.16384  Microsoft® Active Directory Certificate Services Client
certcredprovider.dll  6.2.10240.16384  Cert Credential Provider
certenc.dll  6.2.10240.16384  Active Directory Certificate Services Encoding
certenroll.dll  6.2.10240.16384  Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll  6.2.10240.16384  X509 Certificate Enrollment UI
certmgr.dll  6.2.10240.16384  Certificates snap-in
certpoleng.dll  6.2.10240.16384  Certificate Policy Engine
cewmdm.dll  12.0.10240.16384  Windows CE WMDM Service Provider
cfgbkend.dll  6.2.10240.16384  Configuration Backend Interface
cfgmgr32.dll  6.2.10240.16384  Configuration Manager DLL
cfmifs.dll  6.2.10240.16384  FmIfs Engine
cfmifsproxy.dll  6.2.10240.16384  Microsoft® FmIfs Proxy Library
chakra.dll  11.0.10240.16431  Microsoft ® JScript
chakradiag.dll  11.0.10240.16384  Microsoft ® JScript Diagnostics
chartv.dll  6.2.10240.16384  Chart View
chatapis.dll  6.2.10240.16384  DLL for ChatRT
chxreadingstringime.dll  6.2.10240.16384  CHxReadingStringIME
cic.dll  6.2.10240.16384  CIC - MMC controls for Taskpad
cilkrts20_32.dll  2.0.4232.0  Intel® Cilk™ Plus Runtime
clb.dll  6.2.10240.16384  Column List Box
clbcatq.dll  2001.12.10941.16384  COM+ Configuration Catalog
clfsw32.dll  6.2.10240.16384  Common Log Marshalling Win32 DLL
cliconfg.dll  6.2.10240.16384  SQL Client Configuration Utility DLL
clipboardserver.dll  6.2.10240.16384  Modern Clipboard API Server
clipc.dll  6.2.10240.16384  Client Licensing Platform Client
clrhost.dll  6.2.10240.16384  In Proc server for managed servers in the Windows Runtime
clusapi.dll  6.2.10240.16384  Cluster API Library
cmcfg32.dll  7.2.10240.16384  Microsoft Connection Manager Configuration Dll
cmdext.dll  6.2.10240.16384  cmd.exe Extension DLL
cmdial32.dll  7.2.10240.16384  Microsoft Connection Manager
cmifw.dll  6.2.10240.16384  Windows Firewall rule configuration plug-in
cmipnpinstall.dll  6.2.10240.16384  PNP plugin installer for CMI
cmlua.dll  7.2.10240.16384  Connection Manager Admin API Helper
cmpbk32.dll  7.2.10240.16384  Microsoft Connection Manager Phonebook
cmstplua.dll  7.2.10240.16384  Connection Manager Admin API Helper for Setup
cmutil.dll  7.2.10240.16384  Microsoft Connection Manager Utility Lib
cngcredui.dll  6.2.10240.16384  Microsoft CNG CredUI Provider
cngprovider.dll  6.2.10240.16384  cngprovider DLL
cnvfat.dll  6.2.10240.16384  FAT File System Conversion Utility DLL
colbact.dll  2001.12.10941.16384  COM+
colorcnv.dll  6.2.10240.16384  Windows Media Color Conversion
colorui.dll  6.2.10240.16384  Microsoft Color Control Panel
combase.dll  6.2.10240.16384  Microsoft COM for Windows
comcat.dll  6.2.10240.16384  Microsoft Component Category Manager Library
comctl32.dll  5.82.10240.16384  User Experience Controls Library
comdlg32.dll  6.2.10240.16405  Common Dialogs DLL
coml2.dll  6.2.10240.16384  Microsoft COM for Windows
common_clang32.dll  4.0.0.0  Intel(R) OpenCL(TM) Runtime
commstypehelperutil_ca.dll  6.2.10240.16384  Comms Type Helper Util
compobj.dll  3.10.0.103  Windows Win16 Application Launcher
comppkgsup.dll  12.0.10240.16384  Component Package Support DLL
compstui.dll  6.2.10240.16384  Common Property Sheet User Interface DLL
comrepl.dll  2001.12.10941.16384  COM+
comres.dll  2001.12.10941.16384  COM+ Resources
comsnap.dll  2001.12.10941.16384  COM+ Explorer MMC Snapin
comsvcs.dll  2001.12.10941.16384  COM+ Services
comuid.dll  2001.12.10941.16384  COM+ Explorer UI
configureexpandedstorage.dll  6.2.10240.16384  ConfigureExpandedStorage
connect.dll  6.2.10240.16384  Get Connected Wizards
connectedaccountstate.dll  6.2.10240.16384  ConnectedAccountState.dll
console.dll  6.2.10240.16384  Control Panel Console Applet
contactactivation.dll  6.2.10240.16384  DLL for ContactActivation
contactapis.dll  6.2.10240.16397  DLL for ContactsRT
coremessaging.dll  6.2.10240.16397  Microsoft CoreMessaging Dll
coremmres.dll  6.2.10240.16384  General Core Multimedia Resources
coreuicomponents.dll    
cortana.persona.dll  6.2.10240.16384  Cortana.Persona
cortanamapihelper.dll  6.2.10240.16384  CortanaMapiHelper
cortanamapihelper.proxystub.dll  6.2.10240.16384  CortanaMapiHelper.ProxyStub
cpfilters.dll  6.2.10240.16384   PTFilter & Encypter/Decrypter Tagger Filters.
credentialmigrationhandler.dll  6.2.10240.16384  Credential Migration Handler
credprovdatamodel.dll  6.2.10240.16412  Cred Prov Data Model
credprovhost.dll  6.2.10240.16384  Credential Provider Framework Host
credprovs.dll  6.2.10240.16384  Credential Providers
credssp.dll  6.2.10240.16384  Credential Delegation Security Package
credui.dll  6.2.10240.16384  Credential Manager User Interface
crtdll.dll  4.0.1183.1  Microsoft C Runtime Library
crypt32.dll  6.2.10240.16384  Crypto API32
cryptbase.dll  6.2.10240.16384  Base cryptographic API DLL
cryptdlg.dll  6.2.10240.16384  Microsoft Common Certificate Dialogs
cryptdll.dll  6.2.10240.16384  Cryptography Manager
cryptext.dll  6.2.10240.16384  Crypto Shell Extensions
cryptnet.dll  6.2.10240.16384  Crypto Network Related API
cryptngc.dll  6.2.10240.16384  Microsoft Passport API
cryptowinrt.dll  6.2.10240.16384  Crypto WinRT Library
cryptsp.dll  6.2.10240.16384  Cryptographic Service Provider API
crypttpmeksvc.dll  6.2.10240.16384  Cryptographic TPM Endorsement Key Services
cryptui.dll  6.2.10240.16384  Microsoft Trust UI Provider
cryptuiwizard.dll  6.2.10240.16384  Microsoft Trust UI Provider
cryptxml.dll  6.2.10240.16384  XML DigSig API
cscapi.dll  6.2.10240.16384  Offline Files Win32 API
cscdll.dll  6.2.10240.16384  Offline Files Temporary Shim
ctl3d32.dll  2.31.0.0  Ctl3D 3D Windows Controls
d2d1.dll  6.2.10240.16384  Microsoft D2D Library
d3d10.dll  6.2.10240.16384  Direct3D 10 Runtime
d3d10_1.dll  6.2.10240.16384  Direct3D 10.1 Runtime
d3d10_1core.dll  6.2.10240.16384  Direct3D 10.1 Runtime
d3d10core.dll  6.2.10240.16384  Direct3D 10 Runtime
d3d10level9.dll  6.2.10240.16384  Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll  6.2.10240.16384  Direct3D 10 Rasterizer
d3d11.dll  6.2.10240.16384  Direct3D 11 Runtime
d3d12.dll  6.2.10240.16384  Direct3D 12 Runtime
d3d8.dll  6.2.10240.16384  Microsoft Direct3D
d3d8thk.dll  6.2.10240.16384  Microsoft Direct3D OS Thunk Layer
d3d9.dll  6.2.10240.16412  Direct3D 9 Runtime
d3dcompiler_47.dll  6.2.10240.16384  Direct3D HLSL Compiler
d3dim.dll  6.2.10240.16384  Microsoft Direct3D
d3dim700.dll  6.2.10240.16384  Microsoft Direct3D
d3dramp.dll  6.2.10240.16384  Microsoft Direct3D
d3dxof.dll  6.2.10240.16384  DirectX Files DLL
dabapi.dll  6.2.10240.16384  Desktop Activity Broker API
dafcdp.dll  6.2.10240.16384  DAF CDP Provider
dafprintprovider.dll  6.2.10240.16384  DAF Print Provider DLL
daotpcredentialprovider.dll  6.2.10240.16384  DirectAccess One-Time Password Credential Provider
dataclen.dll  6.2.10240.16384  Disk Space Cleaner for Windows
dataexchange.dll  6.2.10240.16384  Data exchange
davclnt.dll  6.2.10240.16384  Web DAV Client DLL
davhlpr.dll  6.2.10240.16384  DAV Helper DLL
dbgcore.dll  6.2.10240.16384  Windows Core Debugging Helpers
dbgeng.dll  6.2.10240.16384  Windows Symbolic Debugger Engine
dbghelp.dll  6.2.10240.16384  Windows Image Helper
dbgmodel.dll  6.2.10240.16384  Windows Debugger Data Model
dbnetlib.dll  6.2.10240.16384  Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll  6.2.10240.16384  Named Pipes Net DLL for SQL Clients
dciman32.dll  6.2.10240.16384  DCI Manager
dcomp.dll  6.2.10240.16384  Microsoft DirectComposition Library
ddaclsys.dll  6.2.10240.16384  SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll  6.2.10240.16384  DDOI Interface Proxy
ddores.dll  6.2.10240.16384  Device Category information and resources
ddraw.dll  6.2.10240.16384  Microsoft DirectDraw
ddrawex.dll  6.2.10240.16384  Direct Draw Ex
defaultdevicemanager.dll  6.2.10240.16384  Default Device Manager
defaultprinterprovider.dll  6.2.10240.16384  Microsoft Windows Default Printer Provider
delegatorprovider.dll  6.2.10240.16384  WMI PassThru Provider for Storage Management
deskadp.dll  6.2.10240.16384  Advanced display adapter properties
deskmon.dll  6.2.10240.16384  Advanced display monitor properties
devdispitemprovider.dll  6.2.10240.16384  DeviceItem inproc devquery subsystem
devenum.dll  6.2.10240.16384  Device enumeration.
deviceaccess.dll  6.2.10240.16384  Device Broker And Policy COM Server
deviceassociation.dll  6.2.10240.16384  Device Association Client DLL
devicecenter.dll  6.2.10240.16384  Device Center
devicedisplaystatusmanager.dll  6.2.10240.16384  Device Display Status Manager
devicepairing.dll  6.2.10240.16384  Shell extensions for Device Pairing
devicepairingfolder.dll  6.2.10240.16384  Device Pairing Folder
devicepairingproxy.dll  6.2.10240.16384  Device Pairing Proxy Dll
devicesetupstatusprovider.dll  6.2.10240.16384  Device Setup Status Provider Dll
deviceuxres.dll  6.2.10240.16384  Windows Device User Experience Resource File
devmgr.dll  6.2.10240.16384  Device Manager MMC Snapin
devobj.dll  6.2.10240.16384  Device Information Set DLL
devrtl.dll  6.2.10240.16384  Device Management Run Time Library
dfscli.dll  6.2.10240.16384  Windows NT Distributed File System Client DLL
dfshim.dll  6.2.10240.16384  ClickOnce Application Deployment Support Library
dfsshlex.dll  6.2.10240.16384  Distributed File System shell extension
dhcpcmonitor.dll  6.2.10240.16384  DHCP Client Monitor Dll
dhcpcore.dll  6.2.10240.16384  DHCP Client Service
dhcpcore6.dll  6.2.10240.16384  DHCPv6 Client
dhcpcsvc.dll  6.2.10240.16384  DHCP Client Service
dhcpcsvc6.dll  6.2.10240.16384  DHCPv6 Client
dhcpsapi.dll  6.2.10240.16384  DHCP Server API Stub DLL
dialclient.dll  12.0.10240.16384  DIAL DLL
dictationmanager.dll  6.2.0.1  Dictation Manager
difxapi.dll  2.1.0.0  Driver Install Frameworks for API library module
dimsjob.dll  6.2.10240.16384  DIMS Job DLL
dimsroam.dll  6.2.10240.16384  Key Roaming DIMS Provider DLL
dinput.dll  6.2.10240.16384  Microsoft DirectInput
dinput8.dll  6.2.10240.16384  Microsoft DirectInput
directdb.dll  6.2.10240.16384  Microsoft Direct Database API
directmanipulation.dll  6.2.10240.16431  Microsoft Direct Manipulation Component
dismapi.dll  6.2.10240.16384  DISM API Framework
dispex.dll  5.812.10240.16384  Microsoft ® DispEx
display.dll  6.2.10240.16384  Display Control Panel
displaymanager.dll  6.2.10240.16386  DisplayManager
dlnashext.dll  12.0.10240.16384  DLNA Namespace DLL
dmband.dll  6.2.10240.16384  Microsoft DirectMusic Band
dmcmnutils.dll  6.2.10240.16384  dmcmnutils
dmcompos.dll  6.2.10240.16384  Microsoft DirectMusic Composer
dmdlgs.dll  6.2.10240.16384  Disk Management Snap-in Dialogs
dmdskmgr.dll  6.2.10240.16384  Disk Management Snap-in Support Library
dmdskres.dll  6.2.10240.16384  Disk Management Snap-in Resources
dmdskres2.dll  6.2.10240.16384  Disk Management Snap-in Resources
dmime.dll  6.2.10240.16384  Microsoft DirectMusic Interactive Engine
dmintf.dll  6.2.10240.16384  Disk Management DCOM Interface Stub
dmloader.dll  6.2.10240.16384  Microsoft DirectMusic Loader
dmocx.dll  6.2.10240.16384  TreeView OCX
dmscript.dll  6.2.10240.16384  Microsoft DirectMusic Scripting
dmstyle.dll  6.2.10240.16384  Microsoft DirectMusic Style Engline
dmsynth.dll  6.2.10240.16384  Microsoft DirectMusic Software Synthesizer
dmusic.dll  6.2.10240.16384  Microsoft DirectMusic Core Services
dmutil.dll  6.2.10240.16384  Logical Disk Manager Utility Library
dmvdsitf.dll  6.2.10240.16384  Disk Management Snap-in Support Library
dnsapi.dll  6.2.10240.16384  DNS Client API DLL
dnscmmc.dll  6.2.10240.16384  DNS Client MMC Snap-in DLL
docprop.dll  6.2.10240.16384  OLE DocFile Property Page
dolbydecmft.dll  6.2.10240.16384  Media Foundation Dolby Digital Decoders
dot3api.dll  6.2.10240.16384  802.3 Autoconfiguration API
dot3cfg.dll  6.2.10240.16384  802.3 Netsh Helper
dot3dlg.dll  6.2.10240.16384  802.3 UI Helper
dot3gpclnt.dll  6.2.10240.16384  802.3 Group Policy Client
dot3gpui.dll  6.2.10240.16384  802.3 Network Policy Management Snap-in
dot3hc.dll  6.2.10240.16384  Dot3 Helper Class
dot3msm.dll  6.2.10240.16384  802.3 Media Specific Module
dot3ui.dll  6.2.10240.16384  802.3 Advanced UI
dpapi.dll  6.2.10240.16384  Data Protection API
dpapiprovider.dll  6.2.10240.16384  dpapiprovider DLL
dplayx.dll  10.0.10240.16384  DirectPlay Stub
dpmodemx.dll  10.0.10240.16384  DirectPlay Stub
dpnaddr.dll  10.0.10240.16384  DirectPlay Stub
dpnathlp.dll  10.0.10240.16384  DirectPlay Stub
dpnet.dll  10.0.10240.16384  DirectPlay Stub
dpnhpast.dll  10.0.10240.16384  DirectPlay Stub
dpnhupnp.dll  10.0.10240.16384  DirectPlay Stub
dpnlobby.dll  10.0.10240.16384  DirectPlay Stub
dpwsockx.dll  10.0.10240.16384  DirectPlay Stub
dpx.dll  6.2.10240.16384  Microsoft(R) Delta Package Expander
drmmgrtn.dll  11.0.10240.16384  DRM Migration DLL
drmv2clt.dll  11.0.10100.0  DRMv2 Client DLL
drprov.dll  6.2.10240.16384  Microsoft Remote Desktop Session Host Server Network Provider
drt.dll  6.2.10240.16384  Distributed Routing Table
drtprov.dll  6.2.10240.16384  Distributed Routing Table Providers
drttransport.dll  6.2.10240.16384  Distributed Routing Table Transport Provider
drvstore.dll  6.2.10240.16384  Driver Store API
dsauth.dll  6.2.10240.16384  DS Authorization for Services
dsccoreconfprov.dll  6.2.9200.16384  DSC
dsclient.dll  6.2.10240.16384  Data Sharing Service Client DLL
dsdmo.dll  6.2.10240.16384  DirectSound Effects
dskquota.dll  6.2.10240.16384  Windows Shell Disk Quota Support DLL
dskquoui.dll  6.2.10240.16384  Windows Shell Disk Quota UI DLL
dsound.dll  6.2.10240.16384  DirectSound
dsparse.dll  6.2.10240.16384  Active Directory Domain Services API
dsprop.dll  6.2.10240.16384  Windows Active Directory Property Pages
dsquery.dll  6.2.10240.16384  Directory Service Find
dsreg.dll  6.2.10240.16384  AD/AAD User Device Registration
dsrole.dll  6.2.10240.16384  DS Setup Client DLL
dssec.dll  6.2.10240.16384  Directory Service Security UI
dssenh.dll  6.2.10240.16384  Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll  6.2.10240.16384  Device Setup UI Pages
dsuiext.dll  6.2.10240.16384  Directory Service Common UI
dswave.dll  6.2.10240.16384  Microsoft DirectMusic Wave
dtsh.dll  6.2.10240.16384  Detection and Sharing Status API
dui70.dll  6.2.10240.16384  Windows DirectUI Engine
duser.dll  6.2.10240.16384  Windows DirectUser Engine
dwmapi.dll  6.2.10240.16392  Microsoft Desktop Window Manager API
dwmcore.dll  6.2.10240.16431  Microsoft DWM Core Library
dwrite.dll  6.2.10240.16430  Microsoft DirectX Typography Services
dxdiagn.dll  6.2.10240.16384  Microsoft DirectX Diagnostic Tool
dxgi.dll  6.2.10240.16412  DirectX Graphics Infrastructure
dxmasf.dll  12.0.10240.16384  Microsoft Windows Media Component Removal File.
dxptasksync.dll  6.2.10240.16384  Microsoft Windows DXP Sync.
dxtmsft.dll  11.0.10240.16384  DirectX Media -- Image DirectX Transforms
dxtrans.dll  11.0.10240.16384  DirectX Media -- DirectX Transform Core
dxva2.dll  6.2.10240.16384  DirectX Video Acceleration 2.0 DLL
eapp3hst.dll  6.2.10240.16384  Microsoft ThirdPartyEapDispatcher
eappcfg.dll  6.2.10240.16384  Eap Peer Config
eappgnui.dll  6.2.10240.16384  EAP Generic UI
eapphost.dll  6.2.10240.16384  Microsoft EAPHost Peer service
eappprxy.dll  6.2.10240.16384  Microsoft EAPHost Peer Client DLL
eapprovp.dll  6.2.10240.16384  EAP extension DLL
easwrt.dll  6.2.10240.16384  Exchange ActiveSync Windows Runtime DLL
edgehtml.dll  11.0.10240.16431  Microsoft (R) HTML Viewer
editbuffertesthook.dll    
edpauditapi.dll  6.2.10240.16384  EDP Audit API
edputil.dll  6.2.10240.16384  EDP util
efsadu.dll  6.2.10240.16384  File Encryption Utility
efscore.dll  6.2.10240.16392  EFS Core Library
efsext.dll    
efsutil.dll  6.2.10240.16384  EFS Utility Library
efswrt.dll  6.2.10240.16384  Storage Protection Windows Runtime DLL
ehstorapi.dll  6.2.10240.16384  Windows Enhanced Storage API
ehstorpwdmgr.dll  6.2.10240.16384  Microsoft Enhanced Storage Password Manager
els.dll  6.2.10240.16384  Event Viewer Snapin
elscore.dll  6.2.10240.16384  Els Core Platform DLL
elshyph.dll  6.2.10240.16384  ELS Hyphenation Service
elslad.dll  6.2.10240.16384  ELS Language Detection
elstrans.dll  6.2.10240.16384  ELS Transliteration Service
emailapis.dll  6.2.10240.16384  DLL for EmailRT
embeddedmodesvcapi.dll  6.2.10240.16384  Embedded Mode Service Client DLL
encapi.dll  6.2.10240.16384  Encoder API
encdec.dll  6.2.10240.16384   XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll  6.2.10240.16384  EQoS Snapin extension
errordetails.dll  6.2.10240.16384  Microsoft Windows operating system.
es.dll  2001.12.10941.16384  COM+
esdsip.dll  6.2.10240.16384  Crypto SIP provider for signing and verifying .esd Electronic Software Distribution files
esent.dll  6.2.10240.16384  Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll  6.2.10240.16384  Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
esevss.dll  6.2.10240.16384  Microsoft(R) ESENT shadow utilities
etwcoreuicomponentsresources.dll  6.2.10240.16384  Microsoft CoreComponents UI ETW manifest Dll
etweseproviderresources.dll  6.2.10240.16384  Microsoft ESE ETW
eventcls.dll  6.2.10240.16384  Microsoft® Volume Shadow Copy Service event class
evr.dll  6.2.10240.16384  Enhanced Video Renderer DLL
execmodelclient.dll  6.2.10240.16384  ExecModelClient
execmodelproxy.dll  6.2.10240.16384  ExecModelProxy
explorerframe.dll  6.2.10240.16405  ExplorerFrame
expsrv.dll  6.0.72.9589  Visual Basic for Applications Runtime - Expression Service
exsmime.dll  6.2.10240.16384  LExsmime
extrasxmlparser.dll  6.2.10240.16384  Extras XML parser used to extract extension information from XML
f3ahvoas.dll  6.2.10240.16384  JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
familysafetyext.dll  6.2.10240.16384  FamilySafety ChildAccount Extensions
faultrep.dll  6.2.10240.16384  Windows User Mode Crash Reporting DLL
fdbth.dll  6.2.10240.16384  Function Discovery Bluetooth Provider Dll
fdbthproxy.dll  6.2.10240.16384  Bluetooth Provider Proxy Dll
fddevquery.dll  6.2.10240.16384  Microsoft Windows Device Query Helper
fde.dll  6.2.10240.16384  Folder Redirection Snapin Extension
fdeploy.dll  6.2.10240.16384  Folder Redirection Group Policy Extension
fdpnp.dll  6.2.10240.16384  Pnp Provider Dll
fdprint.dll  6.2.10240.16384  Function Discovery Print Provider Dll
fdproxy.dll  6.2.10240.16384  Function Discovery Proxy Dll
fdssdp.dll  6.2.10240.16384  Function Discovery SSDP Provider Dll
fdwcn.dll  6.2.10240.16384  Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll  6.2.10240.16384  Function Discovery WNet Provider Dll
fdwsd.dll  6.2.10240.16384  Function Discovery WS Discovery Provider Dll
feclient.dll  6.2.10240.16384  Windows NT File Encryption Client Interfaces
filemgmt.dll  6.2.10240.16384  Services and Shared Folders
findnetprinters.dll  6.2.10240.16384  Find Network Printers COM Component
fingerprintcredential.dll  6.2.10240.16384  WinBio Fingerprint Credential
firewallapi.dll  6.2.10240.16384  Windows Firewall API
firewallcontrolpanel.dll  6.2.10240.16384  Windows Firewall Control Panel
fltlib.dll  6.2.10240.16384  Filter Library
fmifs.dll  6.2.10240.16384  FM IFS Utility DLL
fms.dll  6.2.10240.16384  Font Management Services
fontext.dll  6.2.10240.16384  Windows Font Folder
fontsub.dll  6.2.10240.16384  Font Subsetting DLL
fphc.dll  6.2.10240.16384  Filtering Platform Helper Class
framedyn.dll  6.2.10240.16384  WMI SDK Provider Framework
framedynos.dll  6.2.10240.16384  WMI SDK Provider Framework
frprov.dll  6.2.10240.16384  Folder Redirection WMI Provider
fsutilext.dll  6.2.10240.16384  FS Utility Extension DLL
fundisc.dll  6.2.10240.16384  Function Discovery Dll
fwbase.dll  6.2.10240.16384  Firewall Base DLL
fwcfg.dll  6.2.10240.16384  Windows Firewall Configuration Helper
fwpolicyiomgr.dll  6.2.10240.16412  FwPolicyIoMgr DLL
fwpuclnt.dll  6.2.10240.16384  FWP/IPsec User-Mode API
fwremotesvr.dll  6.2.10240.16384  Windows Firewall Remote APIs Server
fxsapi.dll  6.2.10240.16384  Microsoft Fax API Support DLL
fxscom.dll  6.2.10240.16384  Microsoft Fax Server COM Client Interface
fxscomex.dll  6.2.10240.16384  Microsoft Fax Server Extended COM Client Interface
fxsext32.dll  6.2.10240.16384  Microsoft Fax Exchange Command Extension
fxsresm.dll  6.2.10240.16384  Microsoft Fax Resource DLL
fxsxp32.dll  6.2.10240.16384  Microsoft Fax Transport Provider
gameux.dll  6.2.10240.16384  Games Explorer
gameuxlegacygdfs.dll  1.0.0.1  Legacy GDF resource DLL
gamingtcui.dll  6.2.10240.16384  Windows Gaming Internal CallableUI dll
gcdef.dll  6.2.10240.16384  Game Controllers Default Sheets
gdi32.dll  6.2.10240.16390  GDI Client DLL
gdiplus.dll  6.2.10240.16384  Microsoft GDI+
geocommon.dll  6.2.10240.16384  Geocommon
geolocation.dll  6.2.10240.16384  Geolocation Runtime DLL
geolocatorhelper.dll  6.2.10240.16384  GeoLocatorHelper
getuname.dll  6.2.10240.16384  Unicode name Dll for UCE
glmf32.dll  6.2.10240.16384  OpenGL Metafiling DLL
globcollationhost.dll  6.2.10240.16384  GlobCollationHost
globinputhost.dll  6.2.10240.16384  Windows Globalization Extension API for Input
glu32.dll  6.2.10240.16384  OpenGL Utility Library DLL
gpapi.dll  6.2.10240.16384  Group Policy Client API
gpedit.dll  6.2.10240.16384  GPEdit
gpprnext.dll  6.2.10240.16384  Group Policy Printer Extension
gptext.dll  6.2.10240.16384  GPTExt
hbaapi.dll  6.2.10240.16384  HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll  6.2.10240.16384  Security and Maintenance Providers
helppaneproxy.dll  6.2.10240.16384  Microsoft® Help Proxy
hevcdecoder.dll  6.2.10240.16384  Windows H265 Video Decoder
hgcpl.dll  6.2.10240.16384  HomeGroup Control Panel
hhsetup.dll  6.2.10240.16384  Microsoft® HTML Help
hid.dll  6.2.10240.16384  Hid User Library
hidserv.dll  6.2.10240.16384  Human Interface Device Service
hlink.dll  6.2.10240.16384  Microsoft Office 2000 component
hmkd.dll  6.2.10240.16385  Windows HMAC Key Derivation API
hnetcfg.dll  6.2.10240.16384  Home Networking Configuration Manager
hnetmon.dll  6.2.10240.16384  Home Networking Monitor DLL
hrtfapo.dll    
httpapi.dll  6.2.10240.16384  HTTP Protocol Stack API
htui.dll  6.2.10240.16384  Common halftone Color Adjustment Dialogs
ias.dll  6.2.10240.16384  Network Policy Server
iasacct.dll  6.2.10240.16384  NPS Accounting Provider
iasads.dll  6.2.10240.16384  NPS Active Directory Data Store
iasdatastore.dll  6.2.10240.16384  NPS Datastore server
iashlpr.dll  6.2.10240.16384  NPS Surrogate Component
iasmigplugin.dll  6.2.10240.16384  NPS Migration DLL
iasnap.dll  6.2.10240.16384  NPS NAP Provider
iaspolcy.dll  6.2.10240.16384  NPS Pipeline
iasrad.dll  6.2.10240.16384  NPS RADIUS Protocol Component
iasrecst.dll  6.2.10240.16384  NPS XML Datastore Access
iassam.dll  6.2.10240.16384  NPS NT SAM Provider
iassdo.dll  6.2.10240.16384  NPS SDO Component
iassvcs.dll  6.2.10240.16384  NPS Services Component
iccvid.dll  1.10.0.12  Cinepak® Codec
icm32.dll  6.2.10240.16384  Microsoft Color Management Module (CMM)
icmp.dll  6.2.10240.16384  ICMP DLL
icmui.dll  6.2.10240.16384  Microsoft Color Matching System User Interface DLL
iconcodecservice.dll  6.2.10240.16384  Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll  6.2.10240.16384  Internet Gateway Device properties
idctrls.dll  6.2.10240.16384  Identity Controls
idndl.dll  6.2.10240.16384  Downlevel DLL
idstore.dll  6.2.10240.16384  Identity Store
ieadvpack.dll  11.0.10240.16384  ADVPACK
ieapfltr.dll  11.0.10240.16384  Microsoft SmartScreen Filter
iedkcs32.dll  18.0.10240.16384  IEAK branding
ieetwproxystub.dll  11.0.10240.16384  IE ETW Collector Proxy Stub Resources
ieframe.dll  11.0.10240.16425  Internet Browser
iepeers.dll  11.0.10240.16384  Internet Explorer Peer Objects
ieproxy.dll  11.0.10240.16386  IE ActiveX Interface Marshaling Library
iernonce.dll  11.0.10240.16384  Extended RunOnce processing with UI
iertutil.dll  11.0.10240.16431  Run time utility for Internet Explorer
iesetup.dll  11.0.10240.16384  IOD Version Map
iesysprep.dll  11.0.10240.16384  IE Sysprep Provider
ieui.dll  11.0.10240.16384  Internet Explorer UI Engine
ifmon.dll  6.2.10240.16384  IF Monitor DLL
ifsutil.dll  6.2.10240.16384  IFS Utility DLL
ifsutilx.dll  6.2.10240.16384  IFS Utility Extension DLL
ig8icd32.dll  10.18.15.4256  OpenGL(R) Driver for Intel(R) Graphics Accelerator
igc32.dll  10.18.15.4256  Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator
igd10idpp32.dll  10.18.15.4256  User Mode DPP Driver for Intel(R) Graphics Technology
igd10iumd32.dll  10.18.15.4256  User Mode Driver for Intel(R) Graphics Technology
igd11dxva32.dll  10.18.15.4256  User Mode Driver for Intel(R) Graphics Technology
igd12umd32.dll  10.18.15.4256  User Mode Driver for Intel(R) Graphics Technology
igdail32.dll  10.18.15.4256  Application Settings for Intel(R) Graphics Technology
igdbcl32.dll  10.18.15.4256  OpenCL User Mode Driver for Intel(R) Graphics Technology
igdde32.dll  10.18.15.4256  User Mode Driver for Intel(R) Graphics Technology
igdfcl32.dll  10.18.15.4256  OpenCL User Mode Driver for Intel(R) Graphics Technology
igdmcl32.dll  10.18.15.4256  OpenCL User Mode Driver for Intel(R) Graphics Technology
igdmd32.dll  10.18.15.4256  Metrics Discovery API for Intel(R) Graphics Accelerator
igdrcl32.dll  10.18.15.4256  OpenCL User Mode Driver for Intel(R) Graphics Technology
igdumdim32.dll  10.18.15.4256  User Mode Driver for Intel(R) Graphics Technology
igdusc32.dll  10.18.15.4256  Unified Shader Compiler for Intel(R) Graphics Accelerator
igfx11cmrt32.dll  5.0.0.1084  MDF(CM) Runtime DX11 Dynamic Link Library
igfxcmjit32.dll  5.0.0.1084  MDF(CM) JIT Dynamic Link Library
igfxcmrt32.dll  5.0.0.1084  MDF(CM) Runtime Dynamic Link Library
igfxexps32.dll  6.15.10.4256  igfxext Module
iglhcp32.dll  3.0.1.26  iglhcp32 Dynamic Link Library
iglhsip32.dll  9.0.30.9000  iglhsip32 Dynamic Link Library
imagehlp.dll  6.2.10240.16384  Windows NT Image Helper
imageres.dll  6.2.10240.16384  Windows Image Resource
imagesp1.dll  6.2.10240.16384  Windows SP1 Image Resource
imapi.dll  6.2.10240.16384  Image Mastering API
imapi2.dll  6.2.10240.16384  Image Mastering API v2
imapi2fs.dll  6.2.10240.16384  Image Mastering File System Imaging API v2
imgutil.dll  11.0.10240.16384  IE plugin image decoder support DLL
imm32.dll  6.2.10240.16384  Multi-User Windows IMM32 API Client DLL
inetcomm.dll  6.2.10240.16384  Microsoft Internet Messaging API Resources
inetmib1.dll  6.2.10240.16384  Microsoft MIB-II subagent
inetres.dll  6.2.10240.16384  Microsoft Internet Messaging API Resources
inkanalysis.dll  6.2.10240.16384  InkAnalysis DLL
inked.dll  6.2.10240.16384  Microsoft Tablet PC InkEdit Control
inkobjcore.dll  6.2.10240.16384  Microsoft Tablet PC Ink Platform Component
input.dll  6.2.10240.16384  InputSetting DLL
inputinjectionbroker.dll  6.2.10240.16384  Broker for WinRT input injection.
inputlocalemanager.dll    
inputservice.dll    
inputswitch.dll  6.2.10240.16384  Microsoft Windows Input Switcher
inseng.dll  11.0.10240.16384  Install engine
intel_opencl_icd32.dll  2.0.2.0  OpenCL Client DLL
intelcameraplugin.dll  1.0.0.1  Intel(R) Camera MFT
intelopencl32.dll  10.18.15.4256  Intel(R) OpenCL(TM) Common Runtime Driver
intelsocyuvcopy.dll  1.0.0.1  Intel(R) SoC YUV Copy Filter
iologmsg.dll  6.2.10240.16384  IO Logging DLL
iotassignedaccesslockframework.dll  6.2.10240.16384  Windows Runtime Assigned Access Management DLL
ipeloggingdictationhelper.dll  1.0.0.1  IPE Logging Library Helper
iphlpapi.dll  6.2.10240.16384  IP Helper API
iprop.dll  6.2.10240.16384  OLE PropertySet Implementation
iprtprio.dll  6.2.10240.16384  IP Routing Protocol Priority DLL
iprtrmgr.dll  6.2.10240.16384  IP Router Manager
ipsecsnp.dll  6.2.10240.16384  IP Security Policy Management Snap-in
ipsmsnap.dll  6.2.10240.16384  IP Security Monitor Snap-in
ir32_32.dll  6.2.10240.16384  IR32_32 WRAPPER DLL
ir32_32original.dll  3.24.15.3  Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll  4.51.16.3  Intel Indeo® Video 4.5
ir41_qc.dll  6.2.10240.16384  IR41_QC WRAPPER DLL
ir41_qcoriginal.dll  4.30.62.2  Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll  6.2.10240.16384  IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll  4.30.64.1  Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll  6.2.10240.16384  IR50_32 WRAPPER DLL
ir50_32original.dll  5.2562.15.55  Intel Indeo® video 5.10
ir50_qc.dll  6.2.10240.16384  IR50_QC WRAPPER DLL
ir50_qcoriginal.dll  5.0.63.48  Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll  6.2.10240.16384  IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll  5.0.64.48  Intel Indeo® video 5.10 Quick Compressor
irclass.dll  6.2.10240.16384  Infrared Class Coinstaller
iscsicpl.dll  5.2.3790.1830  iSCSI Initiator Control Panel Applet
iscsidsc.dll  6.2.10240.16384  iSCSI Discovery api
iscsied.dll  6.2.10240.16384  iSCSI Extension DLL
iscsium.dll  6.2.10240.16384  iSCSI Discovery api
iscsiwmi.dll  6.2.10240.16384  MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll  6.2.10240.16384  WMI Provider for iSCSI
itircl.dll  6.2.10240.16384  Microsoft® InfoTech IR Local DLL
itss.dll  6.2.10240.16384  Microsoft® InfoTech Storage System Library
iuseventlog.dll  1.42.17.0  Intel(R) TCS Event Log messages definitions
iyuv_32.dll  6.2.10240.16384  Intel Indeo(R) Video YUV Codec
javascriptcollectionagent.dll  11.0.10240.16384  JavaScript Performance Collection Agent
joinproviderol.dll  6.2.10240.16384  Online Join Provider DLL
joinutil.dll  6.2.10240.16384  Join Utility DLL
jpmapcontrol.dll  6.2.10240.16384  Jupiter Map Control
jscript.dll  5.812.10240.16384  Microsoft ® JScript
jscript9.dll  11.0.10240.16386  Microsoft ® JScript
jscript9diag.dll  11.0.10240.16384  Microsoft ® JScript Diagnostics
jsproxy.dll  11.0.10240.16384  JScript Proxy Auto-Configuration
kbd101.dll  6.2.10240.16384  JP Japanese Keyboard Layout for 101
kbd101a.dll  6.2.10240.16384  KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll  6.2.10240.16384  KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll  6.2.10240.16384  KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll  6.2.10240.16384  KO Hangeul Keyboard Layout for 103
kbd106.dll  6.2.10240.16384  JP Japanese Keyboard Layout for 106
kbd106n.dll  6.2.10240.16384  JP Japanese Keyboard Layout for 106
kbda1.dll  6.2.10240.16384  Arabic_English_101 Keyboard Layout
kbda2.dll  6.2.10240.16384  Arabic_2 Keyboard Layout
kbda3.dll  6.2.10240.16384  Arabic_French_102 Keyboard Layout
kbdal.dll  6.2.10240.16384  Albania Keyboard Layout
kbdarme.dll  6.2.10240.16384  Eastern Armenian Keyboard Layout
kbdarmph.dll  6.2.10240.16384  Armenian Phonetic Keyboard Layout
kbdarmty.dll  6.2.10240.16384  Armenian Typewriter Keyboard Layout
kbdarmw.dll  6.2.10240.16384  Western Armenian Keyboard Layout
kbdax2.dll  6.2.10240.16384  JP Japanese Keyboard Layout for AX2
kbdaze.dll  6.2.10240.16384  Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll  6.2.10240.16384  Azeri-Latin Keyboard Layout
kbdazst.dll  6.2.10240.16384  Azerbaijani (Standard) Keyboard Layout
kbdbash.dll  6.2.10240.16384  Bashkir Keyboard Layout
kbdbe.dll  6.2.10240.16384  Belgian Keyboard Layout
kbdbene.dll  6.2.10240.16384  Belgian Dutch Keyboard Layout
kbdbgph.dll  6.2.10240.16384  Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll  6.2.10240.16384  Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll  6.2.10240.16384  Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll  6.2.10240.16384  Belarusian Keyboard Layout
kbdbr.dll  6.2.10240.16384  Brazilian Keyboard Layout
kbdbu.dll  6.2.10240.16384  Bulgarian (Typewriter) Keyboard Layout
kbdbug.dll  6.2.10240.16384  Buginese Keyboard Layout
kbdbulg.dll  6.2.10240.16384  Bulgarian Keyboard Layout
kbdca.dll  6.2.10240.16384  Canadian Multilingual Keyboard Layout
kbdcan.dll  6.2.10240.16384  Canadian Multilingual Standard Keyboard Layout
kbdcher.dll  6.2.10240.16384  Cherokee Nation Keyboard Layout
kbdcherp.dll  6.2.10240.16384  Cherokee Phonetic Keyboard Layout
kbdcr.dll  6.2.10240.16384  Croatian/Slovenian Keyboard Layout
kbdcz.dll  6.2.10240.16384  Czech Keyboard Layout
kbdcz1.dll  6.2.10240.16384  Czech_101 Keyboard Layout
kbdcz2.dll  6.2.10240.16384  Czech_Programmer's Keyboard Layout
kbdda.dll  6.2.10240.16384  Danish Keyboard Layout
kbddiv1.dll  6.2.10240.16384  Divehi Phonetic Keyboard Layout
kbddiv2.dll  6.2.10240.16384  Divehi Typewriter Keyboard Layout
kbddv.dll  6.2.10240.16384  Dvorak US English Keyboard Layout
kbddzo.dll  6.2.10240.16384  Dzongkha Keyboard Layout
kbdes.dll  6.2.10240.16384  Spanish Alernate Keyboard Layout
kbdest.dll  6.2.10240.16384  Estonia Keyboard Layout
kbdfa.dll  6.2.10240.16384  Persian Keyboard Layout
kbdfar.dll  6.2.10240.16384  Persian Standard Keyboard Layout
kbdfc.dll  6.2.10240.16384  Canadian French Keyboard Layout
kbdfi.dll  6.2.10240.16384  Finnish Keyboard Layout
kbdfi1.dll  6.2.10240.16384  Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll  6.2.10240.16384  Færoese Keyboard Layout
kbdfr.dll  6.2.10240.16384  French Keyboard Layout
kbdfthrk.dll  6.2.10240.16384  Futhark Keyboard Layout
kbdgae.dll  6.2.10240.16384  Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll  6.2.10240.16384  Georgian Keyboard Layout
kbdgeoer.dll  6.2.10240.16384  Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll  6.2.10240.16384  Georgian (MES) Keyboard Layout
kbdgeooa.dll  6.2.10240.16384  Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll  6.2.10240.16384  Georgian (QWERTY) Keyboard Layout
kbdgkl.dll  6.2.10240.16384  Greek_Latin Keyboard Layout
kbdgn.dll  6.2.10240.16384  Guarani Keyboard Layout
kbdgr.dll  6.2.10240.16384  German Keyboard Layout
kbdgr1.dll  6.2.10240.16384  German_IBM Keyboard Layout
kbdgrlnd.dll  6.2.10240.16384  Greenlandic Keyboard Layout
kbdgthc.dll  6.2.10240.16384  Gothic Keyboard Layout
kbdhau.dll  6.2.10240.16384  Hausa Keyboard Layout
kbdhaw.dll  6.2.10240.16384  Hawaiian Keyboard Layout
kbdhe.dll  6.2.10240.16384  Greek Keyboard Layout
kbdhe220.dll  6.2.10240.16384  Greek IBM 220 Keyboard Layout
kbdhe319.dll  6.2.10240.16384  Greek IBM 319 Keyboard Layout
kbdheb.dll  6.2.10240.16384  KBDHEB Keyboard Layout
kbdhebl3.dll  6.2.10240.16384  Hebrew Standard Keyboard Layout
kbdhela2.dll  6.2.10240.16384  Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll  6.2.10240.16384  Greek IBM 319 Latin Keyboard Layout
kbdhept.dll  6.2.10240.16384  Greek_Polytonic Keyboard Layout
kbdhu.dll  6.2.10240.16384  Hungarian Keyboard Layout
kbdhu1.dll  6.2.10240.16384  Hungarian 101-key Keyboard Layout
kbdibm02.dll  6.2.10240.16384  JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll  6.2.10240.16384  Igbo Keyboard Layout
kbdic.dll  6.2.10240.16384  Icelandic Keyboard Layout
kbdinasa.dll  6.2.10240.16384  Assamese (Inscript) Keyboard Layout
kbdinbe1.dll  6.2.10240.16384  Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll  6.2.10240.16384  Bengali (Inscript) Keyboard Layout
kbdinben.dll  6.2.10240.16384  Bengali Keyboard Layout
kbdindev.dll  6.2.10240.16384  Devanagari Keyboard Layout
kbdinen.dll  6.2.10240.16384  English (India) Keyboard Layout
kbdinguj.dll  6.2.10240.16384  Gujarati Keyboard Layout
kbdinhin.dll  6.2.10240.16384  Hindi Keyboard Layout
kbdinkan.dll  6.2.10240.16384  Kannada Keyboard Layout
kbdinmal.dll  6.2.10240.16384  Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll  6.2.10240.16384  Marathi Keyboard Layout
kbdinori.dll  6.2.10240.16384  Odia Keyboard Layout
kbdinpun.dll  6.2.10240.16384  Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll  6.2.10240.16384  Tamil Keyboard Layout
kbdintel.dll  6.2.10240.16384  Telugu Keyboard Layout
kbdinuk2.dll  6.2.10240.16384  Inuktitut Naqittaut Keyboard Layout
kbdir.dll  6.2.10240.16384  Irish Keyboard Layout
kbdit.dll  6.2.10240.16384  Italian Keyboard Layout
kbdit142.dll  6.2.10240.16384  Italian 142 Keyboard Layout
kbdiulat.dll  6.2.10240.16384  Inuktitut Latin Keyboard Layout
kbdjav.dll  6.2.10240.16384  Javanese Keyboard Layout
kbdjpn.dll  6.2.10240.16384  JP Japanese Keyboard Layout Stub driver
kbdkaz.dll  6.2.10240.16384  Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll  6.2.10240.16384  Cambodian Standard Keyboard Layout
kbdkni.dll  6.2.10240.16384  Khmer (NIDA) Keyboard Layout
kbdkor.dll  6.2.10240.16384  KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll  6.2.10240.16384  Central Kurdish Keyboard Layout
kbdkyr.dll  6.2.10240.16384  Kyrgyz Keyboard Layout
kbdla.dll  6.2.10240.16384  Latin-American Spanish Keyboard Layout
kbdlao.dll  6.2.10240.16384  Lao Standard Keyboard Layout
kbdlisub.dll  6.2.10240.16384  Lisu Basic Keyboard Layout
kbdlisus.dll  6.2.10240.16384  Lisu Standard Keyboard Layout
kbdlk41a.dll  6.2.10240.16384  DEC LK411-AJ Keyboard Layout
kbdlt.dll  6.2.10240.16384  Lithuania Keyboard Layout
kbdlt1.dll  6.2.10240.16384  Lithuanian Keyboard Layout
kbdlt2.dll  6.2.10240.16384  Lithuanian Standard Keyboard Layout
kbdlv.dll  6.2.10240.16384  Latvia Keyboard Layout
kbdlv1.dll  6.2.10240.16384  Latvia-QWERTY Keyboard Layout
kbdlvst.dll  6.2.10240.16384  Latvian (Standard) Keyboard Layout
kbdmac.dll  6.2.10240.16384  Macedonian (FYROM) Keyboard Layout
kbdmacst.dll  6.2.10240.16384  Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll  6.2.10240.16384  Maori Keyboard Layout
kbdmlt47.dll  6.2.10240.16384  Maltese 47-key Keyboard Layout
kbdmlt48.dll  6.2.10240.16384  Maltese 48-key Keyboard Layout
kbdmon.dll  6.2.10240.16384  Mongolian Keyboard Layout
kbdmonmo.dll  6.2.10240.16384  Mongolian (Mongolian Script) Keyboard Layout
kbdmonst.dll  6.2.10240.16384  Traditional Mongolian (Standard) Keyboard Layout
kbdmyan.dll  6.2.10240.16384  Myanmar Keyboard Layout
kbdne.dll  6.2.10240.16384  Dutch Keyboard Layout
kbdnec.dll  6.2.10240.16384  JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll  6.2.10240.16384  JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll  6.2.10240.16384  JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll  6.2.10240.16384  JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll  6.2.10240.16384  Nepali Keyboard Layout
kbdnko.dll  6.2.10240.16384  N'Ko Keyboard Layout
kbdno.dll  6.2.10240.16384  Norwegian Keyboard Layout
kbdno1.dll  6.2.10240.16384  Norwegian with Sami Keyboard Layout
kbdnso.dll  6.2.10240.16384  Sesotho sa Leboa Keyboard Layout
kbdntl.dll  6.2.10240.16384  New Tai Leu Keyboard Layout
kbdogham.dll  6.2.10240.16384  Ogham Keyboard Layout
kbdolch.dll  6.2.10240.16384  Ol Chiki Keyboard Layout
kbdoldit.dll  6.2.10240.16384  Old Italic Keyboard Layout
kbdosm.dll  6.2.10240.16384  Osmanya Keyboard Layout
kbdpash.dll  6.2.10240.16384  Pashto (Afghanistan) Keyboard Layout
kbdphags.dll  6.2.10240.16384  Phags-pa Keyboard Layout
kbdpl.dll  6.2.10240.16384  Polish Keyboard Layout
kbdpl1.dll  6.2.10240.16384  Polish Programmer's Keyboard Layout
kbdpo.dll  6.2.10240.16384  Portuguese Keyboard Layout
kbdro.dll  6.2.10240.16384  Romanian (Legacy) Keyboard Layout
kbdropr.dll  6.2.10240.16384  Romanian (Programmers) Keyboard Layout
kbdrost.dll  6.2.10240.16384  Romanian (Standard) Keyboard Layout
kbdru.dll  6.2.10240.16384  Russian Keyboard Layout
kbdru1.dll  6.2.10240.16384  Russia(Typewriter) Keyboard Layout
kbdrum.dll  6.2.10240.16384  Russian - Mnemonic Keyboard Layout
kbdsf.dll  6.2.10240.16384  Swiss French Keyboard Layout
kbdsg.dll  6.2.10240.16384  Swiss German Keyboard Layout
kbdsl.dll  6.2.10240.16384  Slovak Keyboard Layout
kbdsl1.dll  6.2.10240.16384  Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll  6.2.10240.16384  Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll  6.2.10240.16384  Sami Extended Norway Keyboard Layout
kbdsn1.dll  6.2.10240.16384  Sinhala Keyboard Layout
kbdsora.dll  6.2.10240.16384  Sora Keyboard Layout
kbdsorex.dll  6.2.10240.16384  Sorbian Extended Keyboard Layout
kbdsors1.dll  6.2.10240.16384  Sorbian Standard Keyboard Layout
kbdsorst.dll  6.2.10240.16384  Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll  6.2.10240.16384  Spanish Keyboard Layout
kbdsw.dll  6.2.10240.16384  Swedish Keyboard Layout
kbdsw09.dll  6.2.10240.16384  Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll  6.2.10240.16384  Syriac Standard Keyboard Layout
kbdsyr2.dll  6.2.10240.16384  Syriac Phoenetic Keyboard Layout
kbdtaile.dll  6.2.10240.16384  Tai Le Keyboard Layout
kbdtajik.dll  6.2.10240.16384  Tajik Keyboard Layout
kbdtat.dll  6.2.10240.16384  Tatar (Legacy) Keyboard Layout
kbdth0.dll  6.2.10240.16384  Thai Kedmanee Keyboard Layout
kbdth1.dll  6.2.10240.16384  Thai Pattachote Keyboard Layout
kbdth2.dll  6.2.10240.16384  Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll  6.2.10240.16384  Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtifi.dll  6.2.10240.16384  Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll  6.2.10240.16384  Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll  6.2.10240.16384  Tibetan (PRC) Keyboard Layout
kbdtiprd.dll  6.2.10240.16384  Tibetan (PRC) - Updated Keyboard Layout
kbdtt102.dll  6.2.10240.16384  Tatar Keyboard Layout
kbdtuf.dll  6.2.10240.16384  Turkish F Keyboard Layout
kbdtuq.dll  6.2.10240.16384  Turkish Q Keyboard Layout
kbdturme.dll  6.2.10240.16384  Turkmen Keyboard Layout
kbdtzm.dll  6.2.10240.16384  Central Atlas Tamazight Keyboard Layout
kbdughr.dll  6.2.10240.16384  Uyghur (Legacy) Keyboard Layout
kbdughr1.dll  6.2.10240.16384  Uyghur Keyboard Layout
kbduk.dll  6.2.10240.16384  United Kingdom Keyboard Layout
kbdukx.dll  6.2.10240.16384  United Kingdom Extended Keyboard Layout
kbdur.dll  6.2.10240.16384  Ukrainian Keyboard Layout
kbdur1.dll  6.2.10240.16384  Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll  6.2.10240.16384  Urdu Keyboard Layout
kbdus.dll  6.2.10240.16384  United States Keyboard Layout
kbdusa.dll  6.2.10240.16384  US IBM Arabic 238_L Keyboard Layout
kbdusl.dll  6.2.10240.16384  Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll  6.2.10240.16384  Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll  6.2.10240.16384  US Multinational Keyboard Layout
kbduzb.dll  6.2.10240.16384  Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll  6.2.10240.16384  Vietnamese Keyboard Layout
kbdwol.dll  6.2.10240.16384  Wolof Keyboard Layout
kbdyak.dll  6.2.10240.16384  Sakha - Russia Keyboard Layout
kbdyba.dll  6.2.10240.16384  Yoruba Keyboard Layout
kbdycc.dll  6.2.10240.16384  Serbian (Cyrillic) Keyboard Layout
kbdycl.dll  6.2.10240.16384  Serbian (Latin) Keyboard Layout
kerbclientshared.dll  6.2.10240.16384  Kerberos Client Shared Functionality
kerberos.dll  6.2.10240.16384  Kerberos Security Package
kernel.appcore.dll  6.2.10240.16384  AppModel API Host
kernel32.dll  6.2.10240.16384  Windows NT BASE API Client DLL
kernelbase.dll  6.2.10240.16384  Windows NT BASE API Client DLL
keyiso.dll  6.2.10240.16384  CNG Key Isolation Service
keymgr.dll  6.2.10240.16384  Stored User Names and Passwords
ksuser.dll  6.2.10240.16384  User CSA Library
ktmw32.dll  6.2.10240.16384  Windows KTM Win32 Client DLL
l2gpstore.dll  6.2.10240.16384  Policy Storage dll
l2nacp.dll  6.2.10240.16384  Windows Onex Credential Provider
l2sechc.dll  6.2.10240.16384  Layer 2 Security Diagnostics Helper Classes
laprxy.dll  12.0.10240.16384  Windows Media Logagent Proxy
lfsvc.dll  6.2.10240.16384  Geolocation Service
libia_cp.dll    
licensemanager.dll  6.2.10240.16412  LicenseManager
licmgr10.dll  11.0.10240.16384  Microsoft® License Manager DLL
linkinfo.dll  6.2.10240.16384  Windows Volume Tracking
loadperf.dll  6.2.10240.16384  Load & Unload Performance Counters
localsec.dll  6.2.10240.16384  Local Users and Groups MMC Snapin
locationapi.dll  6.2.10240.16384  Microsoft Windows Location API
locationframework.dll  6.2.10240.16384  Windows Geolocation Framework
locationframeworkinternalps.dll  6.2.10240.16384  Windows Geolocation Framework Internal PS
locationframeworkps.dll  6.2.10240.16384  Windows Geolocation Framework PS
lockappbroker.dll  6.2.10240.16425  Windows Lock App Broker DLL
loghours.dll  6.2.10240.16384  Schedule Dialog
logoncli.dll  6.2.10240.16384  Net Logon Client DLL
logoncontroller.dll  6.2.10240.16425  Logon UX Controller
lpk.dll  6.2.10240.16384  Language Pack
lsmproxy.dll  6.2.10240.16384  LSM interfaces proxy Dll
luainstall.dll  6.2.10240.16384  Lua manifest install
lz32.dll  6.2.10240.16384  LZ Expand/Compress API DLL
magnification.dll  6.2.10240.16384  Microsoft Magnification API
mapconfiguration.dll  6.2.10240.16392  MapConfiguration
mapcontrolcore.dll  6.2.10240.16384  Map Control Core
mapcontrolstringsres.dll  6.2.10240.16384  Map control resource strings
mapi32.dll  1.0.2536.0  Extended MAPI 1.0 for Windows NT
mapistub.dll  1.0.2536.0  Extended MAPI 1.0 for Windows NT
mapsbtsvc.dll  6.2.10240.16384  Maps Background Transfer Service
mbaeapi.dll  6.2.10240.16431  Mobile Broadband Account Experience API
mbaeapipublic.dll  6.2.10240.16431  Mobile Broadband Account API
mbsmsapi.dll  6.2.10240.16384  Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll  6.2.10240.16384  Microsoft Windows Mobile Broadband USSD API
mcewmdrmndbootstrap.dll  1.3.2310.10  Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll  6.2.10240.16384  Video For Windows MCI driver
mcicda.dll  6.2.10240.16384  MCI driver for cdaudio devices
mciqtz32.dll  6.2.10240.16384  DirectShow MCI Driver
mciseq.dll  6.2.10240.16384  MCI driver for MIDI sequencer
mciwave.dll  6.2.10240.16384  MCI driver for waveform audio
mcrecvsrc.dll  12.0.10240.16385  Miracast Media Foundation Source DLL
mdminst.dll  6.2.10240.16384  Modem Class Installer
mdmregistration.dll  6.2.10240.16384  MDM Registration DLL
messagingdatamodel2.dll  6.2.10240.16394  MessagingDataModel2
mf.dll  12.0.10240.16384  Media Foundation DLL
mf3216.dll  6.2.10240.16384  32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll  6.2.10240.16384  Media Foundation AAC Encoder
mfasfsrcsnk.dll  12.0.10240.16384  Media Foundation ASF Source and Sink DLL
mfc100.dll  10.0.40219.1  MFCDLL Shared Library - Retail Version
mfc100u.dll  10.0.40219.1  MFCDLL Shared Library - Retail Version
mfc40.dll  4.1.0.6140  MFCDLL Shared Library - Retail Version
mfc40u.dll  4.1.0.6140  MFCDLL Shared Library - Retail Version
mfc42.dll  6.6.8063.0  MFCDLL Shared Library - Retail Version
mfc42u.dll  6.6.8063.0  MFCDLL Shared Library - Retail Version
mfcaptureengine.dll  12.0.10240.16384  Media Foundation CaptureEngine DLL
mfcm100.dll  10.0.40219.1  MFC Managed Library - Retail Version
mfcm100u.dll  10.0.40219.1  MFC Managed Library - Retail Version
mfcore.dll  12.0.10240.16431  Media Foundation Core DLL
mfcsubs.dll  2001.12.10941.16384  COM+
mfds.dll  12.0.10240.16384  Media Foundation Direct Show wrapper DLL
mfdvdec.dll  6.2.10240.16384  Media Foundation DV Decoder
mferror.dll  12.0.10240.16384  Media Foundation Error DLL
mfh263enc.dll  6.2.10240.16384  Media Foundation h263 Encoder
mfh264enc.dll  6.2.10240.16384  Media Foundation H264 Encoder
mfh265enc.dll  6.2.10240.16384  Media Foundation H265 Encoder
mfmediaengine.dll  6.2.10240.16431  Media Foundation Media Engine DLL
mfmjpegdec.dll  6.2.10240.16384  Media Foundation MJPEG Decoder
mfmkvsrcsnk.dll  6.2.10240.16412  Media Foundation MKV Media Source and Sink DLL
mfmp4srcsnk.dll  12.0.10240.16412  Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll  12.0.10240.16412  Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll  12.0.10240.16384  Media Foundation Net Core DLL
mfnetsrc.dll  12.0.10240.16384  Media Foundation Net Source DLL
mfperfhelper.dll  12.0.10240.16384  MFPerf DLL
mfplat.dll  12.0.10240.16431  Media Foundation Platform DLL
mfplay.dll  12.0.10240.16412  Media Foundation Playback API DLL
mfps.dll  12.0.10240.16384  Media Foundation Proxy DLL
mfreadwrite.dll  12.0.10240.16384  Media Foundation ReadWrite DLL
mfsrcsnk.dll  12.0.10240.16412  Media Foundation Source and Sink DLL
mfsvr.dll  6.2.10240.16427  Media Foundation Simple Video Renderer DLL
mftranscode.dll  12.0.10240.16384  Media Foundation Transcode DLL
mfvdsp.dll  6.2.10240.16384  Windows Media Foundation Video DSP Components
mfwmaaec.dll  6.2.10240.16384  Windows Media Audio AEC for Media Foundation
mgmtapi.dll  6.2.10240.16384  Microsoft SNMP Manager API (uses WinSNMP)
mi.dll  6.2.10240.16384  Management Infrastructure
mibincodec.dll  6.2.10240.16384  Management Infrastructure binary codec component
microsoft.management.infrastructure.native.unmanaged.dll  6.2.10240.16384  Microsoft.Management.Infrastructure.Native.Unmanaged.dll
microsoftaccountextension.dll  6.2.10240.16384  Microsoft Account Extension DLL
microsoftaccounttokenprovider.dll  6.2.10240.16384  Microsoft® Account Token Provider
microsoft-windows-mapcontrols.dll  6.2.10240.16384  Map Event Resources
microsoft-windows-moshost.dll  6.2.10240.16384  MosHost Event Resources
microsoft-windows-mostrace.dll  6.2.10240.16384  MOS Event Resources
midimap.dll  6.2.10240.16384  Microsoft MIDI Mapper
migisol.dll  6.2.10240.16384  Migration System Isolation Layer
miguiresource.dll  6.2.10240.16384  MIG wini32 resources
mimefilt.dll  2008.0.10240.16384  MIME Filter
mimofcodec.dll  6.2.10240.16384  Management Infrastructure mof codec component
minstoreevents.dll  6.2.10240.16384  Minstore Event Resource
miracastreceiver.dll  12.0.10240.16384  Miracast Receiver API
mirrordrvcompat.dll  6.2.10240.16384  Mirror Driver Compatibility Helper
mispace.dll  6.2.10240.16384  Storage Management Provider for Spaces
miutils.dll  6.2.10240.16384  Management Infrastructure
mlang.dll  6.2.10240.16384  Multi Language Support DLL
mmcbase.dll  6.2.10240.16384  MMC Base DLL
mmci.dll  6.2.10240.16384  Media class installer
mmcico.dll  6.2.10240.16384  Media class co-installer
mmcndmgr.dll  6.2.10240.16384  MMC Node Manager DLL
mmcshext.dll  6.2.10240.16384  MMC Shell Extension DLL
mmdevapi.dll  6.2.10240.16384  MMDevice API
mmres.dll  6.2.10240.16384  General Audio Resources
modemui.dll  6.2.10240.16384  Windows Modem Properties
moricons.dll  6.2.10240.16384  Windows NT Setup Icon Resources Library
mos.dll  6.2.10240.16392  mos
moshostclient.dll  6.2.10240.16384  MosHostClient
mp3dmod.dll  6.2.10240.16384  Microsoft MP3 Decoder DMO
mp43decd.dll  6.2.10240.16384  Windows Media MPEG-4 Video Decoder
mp4sdecd.dll  6.2.10240.16384  Windows Media MPEG-4 S Video Decoder
mpg4decd.dll  6.2.10240.16384  Windows Media MPEG-4 Video Decoder
mpr.dll  6.2.10240.16384  Multiple Provider Router DLL
mprapi.dll  6.2.10240.16384  Windows NT MP Router Administration DLL
mprddm.dll  6.2.10240.16384  Demand Dial Manager Supervisor
mprdim.dll  6.2.10240.16384  Dynamic Interface Manager
mprext.dll  6.2.10240.16384  Multiple Provider Router Extension DLL
mprmsg.dll  6.2.10240.16384  Multi-Protocol Router Service Messages DLL
mrmcorer.dll  6.2.10240.16385  Microsoft Windows MRM
mrmindexer.dll  6.2.10240.16384  Microsoft Windows MRM
mrt_map.dll  1.0.22929.0  Microsoft .NET Native Error Reporting Helper
mrt100.dll  1.0.22929.0  Microsoft .NET Native Runtime
ms3dthumbnailprovider.dll  6.2.10240.16384  3MF Metadata Handler
msaatext.dll  2.0.10413.0  Active Accessibility text support
msac3enc.dll  6.2.10240.16384  Microsoft AC-3 Encoder
msacm32.dll  6.2.10240.16384  Microsoft ACM Audio Filter
msadce.dll  6.2.10240.16384  OLE DB Cursor Engine
msadcer.dll  6.2.10240.16384  OLE DB Cursor Engine Resources
msadco.dll  6.2.10240.16384  Remote Data Services Data Control
msadcor.dll  6.2.10240.16384  Remote Data Services Data Control Resources
msadds.dll  6.2.10240.16384  OLE DB Data Shape Provider
msaddsr.dll  6.2.10240.16384   OLE DB Data Shape Provider Resources
msader15.dll  6.2.10240.16384  ActiveX Data Objects Resources
msado15.dll  6.2.10240.16384  ActiveX Data Objects
msadomd.dll  6.2.10240.16384  ActiveX Data Objects (Multi-Dimensional)
msador15.dll  6.2.10240.16384  Microsoft ActiveX Data Objects Recordset
msadox.dll  6.2.10240.16384  ActiveX Data Objects Extensions
msadrh15.dll  6.2.10240.16384  ActiveX Data Objects Rowset Helper
msafd.dll  6.2.10240.16384  Microsoft Windows Sockets 2.0 Service Provider
msajapi.dll  6.2.10240.16384  AllJoyn API Library
msalacdecoder.dll  6.2.10240.16384  Media Foundation ALAC Decoder
msalacencoder.dll  6.2.10240.16384  Media Foundation ALAC Encoder
msamrnbdecoder.dll  6.2.10240.16384  AMR Narrowband Decoder DLL
msamrnbencoder.dll  6.2.10240.16384  AMR Narrowband Encoder DLL
msamrnbsink.dll  6.2.10240.16384  AMR Narrowband Sink DLL
msamrnbsource.dll  6.2.10240.16384  AMR Narrowband Source DLL
msasn1.dll  6.2.10240.16384  ASN.1 Runtime APIs
msauddecmft.dll  6.2.10240.16384  Media Foundation Audio Decoders
msaudite.dll  6.2.10240.16384  Security Audit Events DLL
msauserext.dll  6.2.10240.16384  MSA USER Extension DLL
mscandui.dll  6.2.10240.16384  MSCANDUI Server DLL
mscat32.dll  6.2.10240.16384  MSCAT32 Forwarder DLL
msclmd.dll  10.0.10240.16384  Microsoft Class Mini-driver
mscms.dll  6.2.10240.16384  Microsoft Color Matching System DLL
mscoree.dll  6.2.10240.16384  Microsoft .NET Runtime Execution Engine
mscorier.dll  6.2.10240.16384  Microsoft .NET Runtime IE resources
mscories.dll  2.0.50727.8662  Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll  6.2.10240.16384  ODBC Code Page Translator Resources
mscpxl32.dll  6.2.10240.16384  ODBC Code Page Translator
msctf.dll  6.2.10240.16384  MSCTF Server DLL
msctfmonitor.dll  6.2.10240.16384  MsCtfMonitor DLL
msctfp.dll  6.2.10240.16384  MSCTFP Server DLL
msctfui.dll  6.2.10240.16384  MSCTFUI Server DLL
msctfuimanager.dll  6.2.10240.16425  Microsoft UIManager DLL
msdadc.dll  6.2.10240.16384  OLE DB Data Conversion Stub
msdadiag.dll  6.2.10240.16384  Built-In Diagnostics
msdaenum.dll  6.2.10240.16384  OLE DB Root Enumerator Stub
msdaer.dll  6.2.10240.16384  OLE DB Error Collection Stub
msdaora.dll  6.2.10240.16384  OLE DB Provider for Oracle
msdaorar.dll  6.2.10240.16384  OLE DB Provider for Oracle Resources
msdaosp.dll  6.2.10240.16384  OLE DB Simple Provider
msdaprsr.dll  6.2.10240.16384  OLE DB Persistence Services Resources
msdaprst.dll  6.2.10240.16384  OLE DB Persistence Services
msdaps.dll  6.2.10240.16384  OLE DB Interface Proxies/Stubs
msdarem.dll  6.2.10240.16384  OLE DB Remote Provider
msdaremr.dll  6.2.10240.16384  OLE DB Remote Provider Resources
msdart.dll  6.2.10240.16384  OLE DB Runtime Routines
msdasc.dll  6.2.10240.16384  OLE DB Service Components Stub
msdasql.dll  6.2.10240.16384  OLE DB Provider for ODBC Drivers
msdasqlr.dll  6.2.10240.16384  OLE DB Provider for ODBC Drivers Resources
msdatl3.dll  6.2.10240.16384  OLE DB Implementation Support Routines
msdatt.dll  6.2.10240.16384  OLE DB Temporary Table Services
msdaurl.dll  6.2.10240.16384  OLE DB RootBinder Stub
msdelta.dll  6.2.10240.16384  Microsoft Patch Engine
msdfmap.dll  6.2.10240.16384  Data Factory Handler
msdmo.dll  6.2.10240.16384  DMO Runtime
msdrm.dll  6.2.10240.16384  Windows Rights Management client
msdtcprx.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll  4.0.9756.0  Microsoft Jet Exchange Isam
msexcl40.dll  4.0.9756.0  Microsoft Jet Excel Isam
msfeeds.dll  11.0.10240.16384  Microsoft Feeds Manager
msfeedsbs.dll  11.0.10240.16384  Microsoft Feeds Background Sync
msflacdecoder.dll  6.2.10240.16384  Media Foundation FLAC Decoder
msflacencoder.dll  6.2.10240.16384  Media Foundation FLAC Encoder
msftedit.dll  6.2.10240.16386  Rich Text Edit Control, v7.5
mshtml.dll  11.0.10240.16445  Microsoft (R) HTML Viewer
mshtmldac.dll  11.0.10240.16384  DAC for Trident DOM
mshtmled.dll  11.0.10240.16384  Microsoft® HTML Editing Component
mshtmler.dll  11.0.10240.16384  Microsoft® HTML Editing Component's Resource DLL
msi.dll  5.0.10240.16386  Windows Installer
msidcrl40.dll  6.2.10240.16384  Microsoft® Account Dynamic Link Library
msident.dll  6.2.10240.16384  Microsoft Identity Manager
msidle.dll  6.2.10240.16384  User Idle Monitor
msidntld.dll  6.2.10240.16384  Microsoft Identity Manager
msieftp.dll  6.2.10240.16384  Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll  5.0.10240.16384  Windows® installer
msiltcfg.dll  5.0.10240.16384  Windows Installer Configuration API Stub
msimg32.dll  6.2.10240.16384  GDIEXT Client DLL
msimsg.dll  5.0.10240.16384  Windows® Installer International Messages
msimtf.dll  6.2.10240.16384  Active IMM Server DLL
msisip.dll  5.0.10240.16384  MSI Signature SIP Provider
msiwer.dll  5.0.10240.16384  MSI Windows Error Reporting
msjet40.dll  4.0.9765.0  Microsoft Jet Engine Library
msjetoledb40.dll  4.0.9756.0  
msjint40.dll  4.0.9765.0  Microsoft Jet Database Engine International DLL
msjro.dll  6.2.10240.16384  Jet and Replication Objects
msjter40.dll  4.0.9756.0  Microsoft Jet Database Engine Error DLL
msjtes40.dll  4.0.9756.0  Microsoft Jet Expression Service
mskeyprotcli.dll  6.2.10240.16384  Windows Client Key Protection Provider
mskeyprotect.dll  6.2.10240.16384  Microsoft Key Protection Provider
msls31.dll  3.10.349.0  Microsoft Line Services library file
msltus40.dll  4.0.9756.0  Microsoft Jet Lotus 1-2-3 Isam
msmpeg2adec.dll  12.0.10133.0  Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll  12.0.10240.16384  Microsoft MPEG-2 Encoder
msmpeg2vdec.dll  12.0.10133.0  Microsoft DTV-DVD Video Decoder
msnetobj.dll  11.0.10240.16384  DRM ActiveX Network Object
msobjs.dll  6.2.10240.16384  System object audit names
msoeacct.dll  6.2.10240.16384  Microsoft Internet Account Manager
msoert2.dll  6.2.10240.16384  Microsoft Windows Mail RT Lib
msorc32r.dll  6.2.10240.16384  ODBC Driver for Oracle Resources
msorcl32.dll  6.2.10240.16384  ODBC Driver for Oracle
mspatcha.dll  6.2.10240.16384  Microsoft File Patch Application API
mspatchc.dll  6.2.10240.16384  Microsoft Patch Creation Engine
mspbde40.dll  4.0.9756.0  Microsoft Jet Paradox Isam
msphotography.dll  6.2.10240.16384  MS Photography DLL
msports.dll  6.2.10240.16384  Ports Class Installer
msrating.dll  11.0.10240.16384  Internet Ratings and Local User Management DLL
msrd2x40.dll  4.0.9756.0  Microsoft (R) Red ISAM
msrd3x40.dll  4.0.9756.0  Microsoft (R) Red ISAM
msrdc.dll  6.2.10240.16384  Remote Differential Compression COM server
msrdpwebaccess.dll  6.2.10240.16384  Microsoft Remote Desktop Services Web Access Control
msrepl40.dll  4.0.9756.0  Microsoft Replication Library
msrle32.dll  6.2.10240.16384  Microsoft RLE Compressor
msscntrs.dll  7.0.10240.16384  PKM Perfmon Counter DLL
msscp.dll  11.0.10240.16384  Windows Media Secure Content Provider
msshooks.dll  7.0.10240.16384  Microsoft Search Hooks
mssign32.dll  6.2.10240.16384  Microsoft Trust Signing APIs
mssip32.dll  6.2.10240.16384  MSSIP32 Forwarder DLL
mssitlb.dll  7.0.10240.16384  mssitlb
msspellcheckingfacility.dll  6.2.10240.16384  Microsoft Spell Checking Facility
mssph.dll  7.0.10240.16384  Microsoft Search Protocol Handler
mssphtb.dll  7.0.10240.16384  Outlook MSSearch Connector
mssprxy.dll  7.0.10240.16384  Microsoft Search Proxy
mssrch.dll  7.0.10240.16431  Microsoft Embedded Search
mssvp.dll  7.0.10240.16384  MSSearch Vista Platform
mstask.dll  6.2.10240.16384  Task Scheduler interface DLL
mstext40.dll  4.0.9756.0  Microsoft Jet Text Isam
mstscax.dll  6.2.10240.16384  Remote Desktop Services ActiveX Client
msutb.dll  6.2.10240.16384  MSUTB Server DLL
msv1_0.dll  6.2.10240.16384  Microsoft Authentication Package v1.0
msvbvm60.dll  6.0.98.15  Visual Basic Virtual Machine
msvcirt.dll  7.0.10240.16384  Windows NT IOStreams DLL
msvcp_win.dll  6.2.10240.16384  Microsoft® C Runtime Library
msvcp100.dll  10.0.40219.1  Microsoft® C Runtime Library
msvcp110.dll  11.0.50727.1  Microsoft® C Runtime Library
msvcp110_win.dll  6.2.10240.16384  Microsoft® STL110 C++ Runtime Library
msvcp120.dll  12.0.21005.1  Microsoft® C Runtime Library
msvcp120_clr0400.dll  12.0.52512.0  Microsoft® C Runtime Library
msvcp60.dll  7.0.10240.16384  Windows NT C++ Runtime Library DLL
msvcr100.dll  10.0.40219.1  Microsoft® C Runtime Library
msvcr100_clr0400.dll  14.0.79.0  Microsoft® .NET Framework
msvcr110.dll  11.0.50727.1  Microsoft® C Runtime Library
msvcr120.dll  12.0.21005.1  Microsoft® C Runtime Library
msvcr120_clr0400.dll  12.0.52512.0  Microsoft® C Runtime Library
msvcrt.dll  7.0.10240.16384  Windows NT CRT DLL
msvcrt20.dll  2.12.0.0  Microsoft® C Runtime Library
msvcrt40.dll  6.2.10240.16384  VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll  6.2.10240.16384  Microsoft Video for Windows DLL
msvidc32.dll  6.2.10240.16384  Microsoft Video 1 Compressor
msvidctl.dll  6.5.10240.16384  ActiveX control for streaming video
msvideodsp.dll  6.2.10240.16384  Video Stabilization MFT
msvproc.dll  12.0.10240.16384  Media Foundation Video Processor
mswb7.dll  6.2.10240.16384  MSWB7 DLL
mswdat10.dll  4.0.9756.0  Microsoft Jet Sort Tables
mswmdm.dll  12.0.10240.16384  Windows Media Device Manager Core
mswsock.dll  6.2.10240.16384  Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll  4.0.9765.0  Microsoft Jet Sort Library
msxactps.dll  6.2.10240.16384  OLE DB Transaction Proxies/Stubs
msxbde40.dll  4.0.9756.0  Microsoft Jet xBASE Isam
msxml3.dll  8.110.10240.16384  MSXML 3.0
msxml3r.dll  8.110.10240.16384  XML Resources
msxml6.dll  6.30.10240.16384  MSXML 6.0
msxml6r.dll  6.30.10240.16384  XML Resources
msyuv.dll  6.2.10240.16384  Microsoft UYVY Video Decompressor
mtf.dll    
mtxclu.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll  2001.12.10941.16384  COM+
mtxex.dll  2001.12.10941.16384  COM+
mtxlegih.dll  2001.12.10941.16384  COM+
mtxoci.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll  6.2.10240.16384  MUI Callback for font registry settings
mycomput.dll  6.2.10240.16384  Computer Management
mydocs.dll  6.2.10240.16384  My Documents Folder UI
napcrypt.dll  6.2.10240.16384  NAP Cryptographic API helper
napinsp.dll  6.2.10240.16384  E-mail Naming Shim Provider
naturallanguage6.dll  6.2.10240.16384  Natural Language Development Platform 6
ncaapi.dll  6.2.10240.16384  Microsoft Network Connectivity Assistant API
ncdprop.dll  6.2.10240.16384  Advanced network device properties
nci.dll  6.2.10240.16384  CoInstaller: NET
ncobjapi.dll  6.2.10240.16384  Microsoft® Windows® Operating System
ncrypt.dll  6.2.10240.16384  Windows NCrypt Router
ncryptprov.dll  6.2.10240.16384  Microsoft KSP
ncryptsslp.dll  6.2.10240.16384  Microsoft SChannel Provider
nddeapi.dll  6.2.10240.16384  Network DDE Share Management APIs
ndfapi.dll  6.2.10240.16384  Network Diagnostic Framework Client API
ndfetw.dll  6.2.10240.16384  Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll  6.2.10240.16384  Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll  6.2.10240.16384  NdisCap Notify Object
ndishc.dll  6.2.10240.16384  NDIS Helper Classes
ndproxystub.dll  6.2.10240.16384  Network Diagnostic Engine Proxy/Stub
negoexts.dll  6.2.10240.16384  NegoExtender Security Package
netapi32.dll  6.2.10240.16384  Net Win32 API DLL
netbios.dll  6.2.10240.16384  NetBIOS Interface Library
netcenter.dll  6.2.10240.16384  Network Center control panel
netcfgx.dll  6.2.10240.16384  Network Configuration Objects
netcorehc.dll  6.2.10240.16384  Networking Core Diagnostics Helper Classes
netdiagfx.dll  6.2.10240.16384  Network Diagnostic Framework
netevent.dll  6.2.10240.16384  Net Event Handler
netfxperf.dll  6.2.10240.16384  Extensible Performance Counter Shim
neth.dll  6.2.10240.16384  Net Help Messages DLL
netid.dll  6.2.10240.16384  System Control Panel Applet; Network ID Page
netiohlp.dll  6.2.10240.16384  Netio Helper DLL
netjoin.dll  6.2.10240.16384  Domain Join DLL
netlogon.dll  6.2.10240.16384  Net Logon Services DLL
netmsg.dll  6.2.10240.16384  Net Messages DLL
netplwiz.dll  6.2.10240.16384  Map Network Drives/Network Places Wizard
netprofm.dll  6.2.10240.16384  Network List Manager
netprovfw.dll  6.2.10240.16384  Provisioning Service Framework DLL
netprovisionsp.dll  6.2.10240.16384  Provisioning Service Provider DLL
netsetupapi.dll  6.2.10240.16384  Network Configuration API
netsetupengine.dll  6.2.10240.16384  Network Configuration Engine
netsetupshim.dll  6.2.10240.16384  Network Configuration API
netshell.dll  6.2.10240.16384  Network Connections Shell
netutils.dll  6.2.10240.16384  Net Win32 API Helpers DLL
networkcollectionagent.dll  11.0.10240.16384  Network Collection Agent
networkexplorer.dll  6.2.10240.16384  Network Explorer
networkitemfactory.dll  6.2.10240.16384  NetworkItem Factory
newdev.dll  6.0.5054.0  Add Hardware Device Library
ngcksp.dll  6.2.10240.16384  Microsoft Passport Key Storage Provider
ninput.dll  6.2.10240.16384  Microsoft Pen and Touch Input Component
nlaapi.dll  6.2.10240.16384  Network Location Awareness 2
nlhtml.dll  2008.0.10240.16384  HTML filter
nlmgp.dll  6.2.10240.16384  Network List Manager Snapin
nlmproxy.dll  6.2.10240.16384  Network List Manager Public Proxy
nlmsprep.dll  6.2.10240.16384  Network List Manager Sysprep Module
nlsbres.dll  6.2.10240.16384  NLSBuild resource DLL
nlsdata0000.dll  6.2.10240.16384  Microsoft Neutral Natural Language Server Data and Code
nlsdata0009.dll  6.2.10240.16384  Microsoft English Natural Language Server Data and Code
nlsdl.dll  6.2.10240.16384  Nls Downlevel DLL
nlslexicons0009.dll  6.2.10240.16384  Microsoft English Natural Language Server Data and Code
nmaa.dll  6.2.10240.16384  NMAA
nmadirect.dll  8.1.0.65535  master branch
normaliz.dll  6.2.10240.16384  Unicode Normalization DLL
notificationobjfactory.dll  6.2.10240.16425  Notifications Object Factory
npmproxy.dll  6.2.10240.16384  Network List Manager Proxy
npsmdesktopprovider.dll  6.2.10240.16384  <d> NPSM Desktop Local Provider DLL
nshhttp.dll  6.2.10240.16384  HTTP netsh DLL
nshipsec.dll  6.2.10240.16384  Net Shell IP Security helper DLL
nshwfp.dll  6.2.10240.16384  Windows Filtering Platform Netsh Helper
nsi.dll  6.2.10240.16384  NSI User-mode interface DLL
ntasn1.dll  6.2.10240.16384  Microsoft ASN.1 API
ntdll.dll  6.2.10240.16430  NT Layer DLL
ntdsapi.dll  6.2.10240.16384  Active Directory Domain Services API
ntlanman.dll  6.2.10240.16384  Microsoft® Lan Manager
ntlanui2.dll  6.2.10240.16384  Network object shell UI
ntlmshared.dll  6.2.10240.16384  NTLM Shared Functionality
ntmarta.dll  6.2.10240.16384  Windows NT MARTA provider
ntprint.dll  6.2.10240.16384  Spooler Setup DLL
ntshrui.dll  6.2.10240.16405  Shell extensions for sharing
ntvdm64.dll  6.2.10240.16384  16-bit Emulation on NT64
objsel.dll  6.2.10240.16384  Object Picker Dialog
occache.dll  11.0.10240.16384  Object Control Viewer
ocsetapi.dll  6.2.10240.16384  Windows Optional Component Setup API
odbc32.dll  6.2.10240.16384  ODBC Driver Manager
odbcbcp.dll  6.2.10240.16384  BCP for ODBC
odbcconf.dll  6.2.10240.16384  ODBC Driver Configuration Program
odbccp32.dll  6.2.10240.16384  ODBC Installer
odbccr32.dll  6.2.10240.16384  ODBC Cursor Library
odbccu32.dll  6.2.10240.16384  ODBC Cursor Library
odbcint.dll  6.2.10240.16384  ODBC Resources
odbcji32.dll  6.2.10240.16384  Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll  6.2.10240.16384  Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll  6.2.10240.16384  ODBC Driver Manager Trace
oddbse32.dll  6.2.10240.16384  ODBC (3.0) driver for DBase
odexl32.dll  6.2.10240.16384  ODBC (3.0) driver for Excel
odfox32.dll  6.2.10240.16384  ODBC (3.0) driver for FoxPro
odpdx32.dll  6.2.10240.16384  ODBC (3.0) driver for Paradox
odtext32.dll  6.2.10240.16384  ODBC (3.0) driver for text files
oemlicense.dll  6.2.10240.16384  Client Licensing Platform Client Provisioning
offfilt.dll  2008.0.10240.16384  OFFICE Filter
offlinelsa.dll  6.2.10240.16384  Windows
offlinesam.dll  6.2.10240.16384  Windows
offreg.dll  6.2.10240.16384  Offline registry DLL
ogldrv.dll  6.2.10240.16384  MSOGL
ole2.dll  3.10.0.103  Windows Win16 Application Launcher
ole2disp.dll  3.10.0.103  Windows Win16 Application Launcher
ole2nls.dll  3.10.0.103  Windows Win16 Application Launcher
ole32.dll  6.2.10240.16384  Microsoft OLE for Windows
oleacc.dll  7.2.10240.16384  Active Accessibility Core Component
oleacchooks.dll  7.2.10240.16384  Active Accessibility Event Hooks Library
oleaccrc.dll  7.2.10240.16384  Active Accessibility Resource DLL
oleaut32.dll  6.2.10240.16384  
olecli32.dll  6.2.10240.16384  Object Linking and Embedding Client Library
oledb32.dll  6.2.10240.16384  OLE DB Core Services
oledb32r.dll  6.2.10240.16384  OLE DB Core Services Resources
oledlg.dll  6.2.10240.16384  OLE User Interface Support
oleprn.dll  6.2.10240.16384  Oleprn DLL
olepro32.dll  6.2.10240.16384  
olesvr32.dll  6.2.10240.16384  Object Linking and Embedding Server Library
olethk32.dll  6.2.10240.16384  Microsoft OLE for Windows
ondemandbrokerclient.dll  6.2.10240.16384  OnDemandBrokerClient
ondemandconnroutehelper.dll  6.2.10240.16384  On Demand Connctiond Route Helper
onedrivesettingsyncprovider.dll  6.2.10240.16431  OneDrive Setting Sync
onex.dll  6.2.10240.16384  IEEE 802.1X supplicant library
onexui.dll  6.2.10240.16384  IEEE 802.1X supplicant UI library
oobefldr.dll  6.2.10240.16384  Getting Started
opcservices.dll  6.2.10240.16384  Native Code OPC Services Library
opencl.dll  2.0.2.0  OpenCL Client DLL
opengl32.dll  6.2.10240.16384  OpenGL Client DLL
osbaseln.dll  6.2.10240.16384  Service Reporting API
osksupport.dll  6.2.10240.16384  Microsoft On-Screen Keyboard Support Utilities
osuninst.dll  6.2.10240.16384  Uninstall Interface
p2p.dll  6.2.10240.16384  Peer-to-Peer Grouping
p2pgraph.dll  6.2.10240.16384  Peer-to-Peer Graphing
p2pnetsh.dll  6.2.10240.16384  Peer-to-Peer NetSh Helper
packager.dll  6.2.10240.16384  Object Packager2
packagestateroaming.dll  6.2.10240.16384  Package State Roaming
panmap.dll  6.2.10240.16384  PANOSE(tm) Font Mapper
pautoenr.dll  6.2.10240.16384  Auto Enrollment DLL
pcacli.dll  6.2.10240.16384  Program Compatibility Assistant Client Module
pcaui.dll  6.2.10240.16384  Program Compatibility Assistant User Interface Module
pcpksp.dll  6.2.10240.16384  Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll  6.2.10240.16384  Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcwum.dll  6.2.10240.16384  Performance Counters for Windows Native DLL
pdh.dll  6.2.10240.16384  Windows Performance Data Helper DLL
pdhui.dll  6.2.10240.16384  PDH UI
perfctrs.dll  6.2.10240.16384  Performance Counters
perfdisk.dll  6.2.10240.16384  Windows Disk Performance Objects DLL
perfnet.dll  6.2.10240.16384  Windows Network Service Performance Objects DLL
perfos.dll  6.2.10240.16384  Windows System Performance Objects DLL
perfproc.dll  6.2.10240.16384  Windows System Process Performance Objects DLL
perfts.dll  6.2.10240.16384  Windows Remote Desktop Services Performance Objects
personax.dll  6.2.10240.16384  PersonaX
phonecallhistoryapis.dll  6.2.10240.16384  DLL for PhoneCallHistoryRT
phoneutil.dll  6.2.10240.16384  Phone utilities
phoneutilres.dll  6.2.10240.16384  Resource DLL for Phone utilities
photometadatahandler.dll  6.2.10240.16384  Photo Metadata Handler
photowiz.dll  6.2.10240.16384  Photo Printing Wizard
pid.dll  6.2.10240.16384  Microsoft PID
pidgenx.dll  6.2.10240.16384  Pid Generation
pifmgr.dll  6.2.10240.16384  Windows NT PIF Manager Icon Resources Library
pimindexmaintenanceclient.dll  6.2.10240.16384  Client dll for Pim Index Maintenance
pimstore.dll  6.2.10240.16384  POOM
pku2u.dll  6.2.10240.16384  Pku2u Security Package
pla.dll  6.2.10240.16384  Performance Logs & Alerts
playlistfolder.dll  6.2.10240.16384  Playlist Folder
playsndsrv.dll  6.2.10240.16384  PlaySound Service
playtodevice.dll  12.0.10240.16384  PLAYTODEVICE DLL
playtomanager.dll  6.2.10240.16412  Microsoft Windows PlayTo Manager
playtomenu.dll  12.0.10240.16384  Cast to Device Menu DLL
playtoreceiver.dll  12.0.10240.16384  DLNA DMR DLL
playtostatusprovider.dll  6.2.10240.16384  PlayTo Status Provider Dll
pngfilt.dll  11.0.10240.16384  IE PNG plugin image decoder
pnrpnsp.dll  6.2.10240.16384  PNRP Name Space Provider
policymanager.dll  6.2.10240.16384  Policy Manager DLL
polstore.dll  6.2.10240.16384  Policy Storage dll
portabledeviceapi.dll  6.2.10240.16384  Windows Portable Device API Components
portabledeviceclassextension.dll  6.2.10240.16384  Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll  6.2.10240.16384  Portable Device Connection API Components
portabledevicestatus.dll  6.2.10240.16384  Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll  6.2.10240.16384  Microsoft Windows Portable Device Provider.
portabledevicetypes.dll  6.2.10240.16384  Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll  6.2.10240.16384  PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll  6.2.10240.16384  Windows Portable Device WMDRM Component
posyncservices.dll  6.2.10240.16384  Change Tracking
pots.dll  6.2.10240.16384  Power Troubleshooter
powercpl.dll  6.2.10240.16384  Power Options Control Panel
powrprof.dll  6.2.10240.16384  Power Profile Helper DLL
presentationcffrasterizernative_v0300.dll  3.0.6920.8674  WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll  6.2.10240.16384  Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll  3.0.6920.8674  PresentationNative_v0300.dll
prflbmsg.dll  6.2.10240.16384  Perflib Event Messages
printconfig.dll  0.3.10240.16384  PrintConfig User Interface
printdialogs.dll  6.2.10240.16384  Microsoft® Windows® Operating System
printplatformconfig.dll  6.2.10240.16384  Legacy Print Platform Adapter
printui.dll  6.2.10240.16384  Printer Settings User Interface
prncache.dll  6.2.10240.16384  Print UI Cache
prnfldr.dll  6.2.10240.16384  prnfldr dll
prnntfy.dll  6.2.10240.16384  prnntfy DLL
prntvpt.dll  6.2.10240.16384  Print Ticket Services Module
profapi.dll  6.2.10240.16384  User Profile Basic API
profext.dll  6.2.10240.16384  profext
propsys.dll  7.0.10240.16384  Microsoft Property System
provcore.dll  6.2.10240.16384  Microsoft Wireless Provisioning Core
provsvc.dll  6.2.10240.16384  Windows HomeGroup
provthrd.dll  6.2.10240.16384  WMI Provider Thread & Log Library
proximitycommon.dll  6.2.10240.16384  Proximity Common Implementation
proximitycommonpal.dll  6.2.10240.16384  Proximity Common PAL
proximityrtapipal.dll  6.2.10240.16384  Proximity WinRT API PAL
prvdmofcomp.dll  6.2.10240.16384  WMI
psapi.dll  6.2.10240.16384  Process Status Helper
pshed.dll  6.2.10240.16384  Platform Specific Hardware Error Driver
psisdecd.dll  6.2.10240.16384  Microsoft SI/PSI parser for MPEG2 based networks.
psmodulediscoveryprovider.dll  6.2.10240.16384  WMI
pstorec.dll  6.2.10240.16384  Deprecated Protected Storage COM interfaces
puiapi.dll  6.2.10240.16384  puiapi DLL
puiobj.dll  6.2.10240.16384  PrintUI Objects DLL
pvl.dll    
pwrshplugin.dll  6.2.10240.16384  pwrshplugin.dll
qasf.dll  12.0.10240.16384  DirectShow ASF Support
qcap.dll  6.2.10240.16384  DirectShow Runtime.
qdv.dll  6.2.10240.16384  DirectShow Runtime.
qdvd.dll  6.2.10240.16384  DirectShow DVD PlayBack Runtime.
qedit.dll  6.2.10240.16384  DirectShow Editing.
qedwipes.dll  6.2.10240.16384  DirectShow Editing SMPTE Wipes
quartz.dll  6.2.10240.16384  DirectShow Runtime.
query.dll  6.2.10240.16384  Content Index Utility DLL
qwave.dll  6.2.10240.16384  Windows NT
racengn.dll  6.2.10240.16384  Reliability analysis metrics calculation engine
racpldlg.dll  6.2.10240.16384  Remote Assistance Contact List
radardt.dll  6.2.10240.16384  Microsoft Windows Resource Exhaustion Detector
radarrs.dll  6.2.10240.16384  Microsoft Windows Resource Exhaustion Resolver
radcui.dll  6.2.10240.16384  RemoteApp and Desktop Connection UI Component
rasadhlp.dll  6.2.10240.16384  Remote Access AutoDial Helper
rasapi32.dll  6.2.10240.16384  Remote Access API
rascfg.dll  6.2.10240.16384  RAS Configuration Objects
raschap.dll  6.2.10240.16384  Remote Access PPP CHAP
raschapext.dll  6.2.10240.16384  Windows Extension library for raschap
rasctrs.dll  6.2.10240.16384  Windows NT Remote Access Perfmon Counter dll
rasdiag.dll  6.2.10240.16384  RAS Diagnostics Helper Classes
rasdlg.dll  6.2.10240.16384  Remote Access Common Dialog API
rasgcw.dll  6.2.10240.16384  RAS Wizard Pages
rasman.dll  6.2.10240.16384  Remote Access Connection Manager
rasmontr.dll  6.2.10240.16384  RAS Monitor DLL
rasmxs.dll  6.2.10240.16384  Remote Access Device DLL for modems, PADs and switches
rasplap.dll  6.2.10240.16384  RAS PLAP Credential Provider
rasppp.dll  6.2.10240.16384  Remote Access PPP
rasser.dll  6.2.10240.16384  Remote Access Media DLL for COM ports
rastapi.dll  6.2.10240.16384  Remote Access TAPI Compliance Layer
rastls.dll  6.2.10240.16384  Remote Access PPP EAP-TLS
rastlsext.dll  6.2.10240.16384  Windows Extension library for rastls
rdpcore.dll  6.2.10240.16384  RDP Core DLL
rdpencom.dll  6.2.10240.16384  RDPSRAPI COM Objects
rdpendp.dll  6.2.10240.16384  RDP Audio Endpoint
rdpsaps.dll  6.2.10240.16384  RDP Session Agent Proxy Stub
rdvidcrl.dll  6.2.10240.16384  Remote Desktop Services Client for Microsoft Online Services
rdvvmtransport.dll  6.2.10240.16384  RdvVmTransport EndPoints
reagent.dll  6.2.10240.16431  Microsoft Windows Recovery Agent DLL
regapi.dll  6.2.10240.16384  Registry Configuration APIs
regctrl.dll  6.2.10240.16384  RegCtrl
reinfo.dll  6.2.10240.16431  Microsoft Windows Recovery Info DLL
remoteaudioendpoint.dll  6.2.10240.16384  Remote Audio Endpoint
remotenaturallanguage.dll  1.0.0.1  Speech Client Communication To Backend Speech Services Library.
remotepg.dll  6.2.10240.16384  Remote Sessions CPL Extension
removedevicecontexthandler.dll  6.2.10240.16384  Devices & Printers Remove Device Context Menu Handler
removedeviceelevated.dll  6.2.10240.16384  RemoveDeviceElevated Proxy Dll
resampledmo.dll  6.2.10240.16384  Windows Media Resampler
resutils.dll  6.2.10240.16384  Microsoft Cluster Resource Utility DLL
rfxvmt.dll  6.2.10240.16384  Microsoft RemoteFX VM Transport
rgb9rast.dll  6.2.10240.16384  Microsoft® Windows® Operating System
riched20.dll  5.31.23.1231  Rich Text Edit Control, v3.1
riched32.dll  6.2.10240.16384  Wrapper Dll for Richedit 1.0
rmclient.dll  6.2.10240.16384  Resource Manager Client
rnr20.dll  6.2.10240.16384  Windows Socket2 NameSpace DLL
rometadata.dll  4.6.79.0  Microsoft MetaData Library
rpchttp.dll  6.2.10240.16384  RPC HTTP DLL
rpcns4.dll  6.2.10240.16384  Remote Procedure Call Name Service Client
rpcnsh.dll  6.2.10240.16384  RPC Netshell Helper
rpcrt4.dll  6.2.10240.16412  Remote Procedure Call Runtime
rpcrtremote.dll  6.2.10240.16384  Remote RPC Extension
rsaenh.dll  6.2.10240.16384  Microsoft Enhanced Cryptographic Provider
rshx32.dll  6.2.10240.16384  Security Shell Extension
rstrtmgr.dll  6.2.10240.16384  Restart Manager
rtffilt.dll  2008.0.10240.16384  RTF Filter
rtm.dll  6.2.10240.16384  Routing Table Manager
rtmediaframe.dll  6.2.10240.16384  Windows Runtime MediaFrame DLL
rtutils.dll  6.2.10240.16384  Routing Utilities
rtworkq.dll  12.0.10240.16384  Realtime WorkQueue DLL
samcli.dll  6.2.10240.16384  Security Accounts Manager Client DLL
samlib.dll  6.2.10240.16384  SAM Library DLL
sas.dll  6.2.10240.16384  WinLogon Software SAS Library
sbe.dll  6.2.10240.16384  DirectShow Stream Buffer Filter.
sbeio.dll  12.0.10240.16384  Stream Buffer IO DLL
sberes.dll  6.2.10240.16384  DirectShow Stream Buffer Filter Resouces.
scansetting.dll  6.2.10240.16384  Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll  6.2.10240.16384  SCardDlg - Smart Card Common Dialog
scecli.dll  6.2.10240.16384  Windows Security Configuration Editor Client Engine
scesrv.dll  6.2.10240.16384  Windows Security Configuration Editor Engine
schannel.dll  6.2.10240.16384  TLS / SSL Security Provider
schedcli.dll  6.2.10240.16384  Scheduler Service Client DLL
scksp.dll  6.2.10240.16384  Microsoft Smart Card Key Storage Provider
scripto.dll  6.6.10240.16384  Microsoft ScriptO
scrobj.dll  5.812.10240.16384  Windows ® Script Component Runtime
scrrun.dll  5.812.10240.16384  Microsoft ® Script Runtime
sdiageng.dll  6.2.10240.16384  Scripted Diagnostics Execution Engine
sdiagprv.dll  6.2.10240.16384  Windows Scripted Diagnostic Provider API
sdohlp.dll  6.2.10240.16384  NPS SDO Helper Component
search.protocolhandler.mapi2.dll  7.0.10240.16384  Microsoft Search Protocol Handler for MAPI2
searchfolder.dll  6.2.10240.16405  SearchFolder
sechost.dll  6.2.10240.16384  Host for SCM/SDDL/LSA Lookup APIs
secproc.dll  6.2.10240.16384  Windows Rights Management Desktop Security Processor
secproc_isv.dll  6.2.10240.16384  Windows Rights Management Desktop Security Processor
secproc_ssp.dll  6.2.10240.16384  Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll  6.2.10240.16384  Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll  6.2.10240.16384  Security Support Provider Interface
security.dll  6.2.10240.16384  Security Support Provider Interface
sendmail.dll  6.2.10240.16405  Send Mail
sensapi.dll  6.2.10240.16384  SENS Connectivity API DLL
sensorsapi.dll  6.2.10240.16390  Sensor API
sensorscpl.dll  6.2.10240.16384  Open Location and Other Sensors
sensorsnativeapi.dll  6.2.10240.16384  Sensors Native API
sensorsnativeapi.v2.dll  6.2.10240.16412  Sensors Native API (V2 stack)
sensorsutilsv2.dll  6.2.10240.16384  Sensors v2 Utilities DLL
serialui.dll  6.2.10240.16384  Serial Port Property Pages
serwvdrv.dll  6.2.10240.16384  Unimodem Serial Wave driver
sessenv.dll  6.2.10240.16384  Remote Desktop Configuration service
settingmonitor.dll  6.2.10240.16384  Setting Synchronization Change Monitor
settingsync.dll  6.2.10240.16384  Setting Synchronization
settingsynccore.dll  6.2.10240.16384  Setting Synchronization Core
settingsyncpolicy.dll  6.2.10240.16384  SettingSync Policy
setupapi.dll  6.2.10240.16384  Windows Setup API
setupcln.dll  6.2.10240.16384  Setup Files Cleanup
sfc.dll  6.2.10240.16384  Windows File Protection
sfc_os.dll  6.2.10240.16384  Windows File Protection
shacct.dll  6.2.10240.16384  Shell Accounts Classes
sharehost.dll  6.2.10240.16384  ShareHost
shcore.dll  6.2.10240.16384  SHCORE
shdocvw.dll  6.2.10240.16384  Shell Doc Object and Control Library
shell32.dll  6.2.10240.16425  Windows Shell Common Dll
shellstyle.dll  6.2.10240.16384  Windows Shell Style Resource Dll
shfolder.dll  6.2.10240.16384  Shell Folder Service
shgina.dll  6.2.10240.16384  Windows Shell User Logon
shimeng.dll  6.2.10240.16384  Shim Engine DLL
shimgvw.dll  6.2.10240.16384  Photo Gallery Viewer
shlwapi.dll  6.2.10240.16384  Shell Light-weight Utility Library
shpafact.dll  6.2.10240.16384  Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll  6.2.10240.16384  Shell setup helper
shsvcs.dll  6.2.10240.16384  Windows Shell Services Dll
shunimpl.dll  6.2.10240.16384  Windows Shell Obsolete APIs
shwebsvc.dll  6.2.10240.16384  Windows Shell Web Services
signdrv.dll  6.2.10240.16384  WMI provider for Signed Drivers
simauth.dll  6.2.10240.16384  EAP SIM run-time dll
simcfg.dll  6.2.10240.16384  EAP SIM config dll
sisbkup.dll  6.2.10240.16384  Single-Instance Store Backup Support Functions
slc.dll  6.2.10240.16384  Software Licensing Client Dll
slcext.dll  6.2.10240.16384  Software Licensing Client Extension Dll
slwga.dll  6.2.10240.16384  Software Licensing WGA API
smartcardcredentialprovider.dll  6.2.10240.16384  Windows Smartcard Credential Provider
smbhelperclass.dll  1.0.0.1  SMB (File Sharing) Helper Class for Network Diagnostic Framework
smphost.dll  6.2.10240.16384  Storage Management Provider (SMP) host service
sndvolsso.dll  6.2.10240.16384  SCA Volume
snmpapi.dll  6.2.10240.16384  SNMP Utility Library
softkbd.dll  6.2.10240.16384  Soft Keyboard Server and Tip
softpub.dll  6.2.10240.16384  Softpub Forwarder DLL
sortserver2003compat.dll  6.2.10240.16384  Sort Version Server 2003
sortwindows61.dll  6.2.10240.16384  SortWindows61 Dll
sortwindows6compat.dll  6.2.10240.16384  Sort Version Windows 6.0
spbcd.dll  6.2.10240.16393  BCD Sysprep Plugin
spfileq.dll  6.2.10240.16384  Windows SPFILEQ
spinf.dll  6.2.10240.16384  Windows SPINF
spnet.dll  6.2.10240.16384  Net Sysprep Plugin
spopk.dll  6.2.10240.16384  OPK Sysprep Plugin
spp.dll  6.2.10240.16384  Microsoft® Windows Shared Protection Point Library
sppc.dll  6.2.10240.16384  Software Licensing Client Dll
sppcext.dll  6.2.10240.16384  Software Protection Platform Client Extension Dll
sppinst.dll  6.2.10240.16384  SPP CMI Installer Plug-in DLL
sppwmi.dll  6.2.10240.16384  Software Protection Platform WMI provider
spwinsat.dll  6.2.10240.16384  WinSAT Sysprep Plugin
spwizeng.dll  6.2.10240.16384  Setup Wizard Framework
spwizimg.dll  6.2.10240.16384  Setup Wizard Framework Resources
spwizres.dll  6.2.10240.16384  Setup Wizard Framework Resources
spwmp.dll  6.2.10240.16384  Windows Media Player System Preparation DLL
sqlcecompact40.dll  4.0.8275.1  Database Repair Tool (32-bit)
sqlceoledb40.dll  4.0.10240.1  OLEDB Provider (32-bit)
sqlceqp40.dll  4.0.10240.1  Query Processor (32-bit)
sqlcese40.dll  4.0.10240.1  Storage Engine (32-bit)
sqloledb.dll  6.2.10240.16384  OLE DB Provider for SQL Server
sqlsrv32.dll  6.2.10240.16384  SQL Server ODBC Driver
sqlunirl.dll  2000.80.2039.0  String Function .DLL for SQL Enterprise Components
sqlwid.dll  2000.80.2039.0  Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll  2000.80.2040.0  Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll  6.2.10240.16384  XML extensions for SQL Server
sqmapi.dll  6.2.10240.16384  SQM Client
srchadmin.dll  7.0.10240.16384  Indexing Options
srclient.dll  6.2.10240.16384  Microsoft® Windows System Restore Client Library
srh.dll  6.2.10240.16384  Screen Reader Helper DLL
srhinproc.dll  6.2.10240.16384  Screen Reader Helper DLL
srpapi.dll  6.2.10240.16384  SRP APIs Dll
srumapi.dll  6.2.10240.16384  System Resource Usage Monitor API
srumsvc.dll  6.2.10240.16391  System Resource Usage Monitor Service
srvcli.dll  6.2.10240.16384  Server Service Client DLL
sscore.dll  6.2.10240.16384  Server Service Core DLL
ssdpapi.dll  6.2.10240.16384  SSDP Client API DLL
sspicli.dll  6.2.10240.16384  Security Support Provider Interface
ssshim.dll  6.2.10240.16384  Windows Componentization Platform Servicing API
startupscan.dll  6.2.10240.16384  Startup scan task DLL
staterepository.core.dll  6.2.10240.16384  StateRepository Core
stclient.dll  2001.12.10941.16384  COM+ Configuration Catalog Client
sti.dll  6.2.10240.16384  Still Image Devices client DLL
stobject.dll  6.2.10240.16405  Systray shell service object
storage.dll  3.10.0.103  Windows Win16 Application Launcher
storagecontexthandler.dll  6.2.10240.16384  Device Center Storage Context Menu Handler
storagewmi.dll  6.2.10240.16384  WMI Provider for Storage Management
storagewmi_passthru.dll  6.2.10240.16384  WMI PassThru Provider for Storage Management
storprop.dll  6.2.10240.16384  Property Pages for Storage Devices
structuredquery.dll  7.0.10240.16384  Structured Query
sud.dll  6.2.10240.16384  SUD Control Panel
suplcsps.dll  6.2.10240.16384  Windows Supl CSP implementation
sxproxy.dll  6.2.10240.16384  Microsoft® Windows System Protection Proxy Library
sxs.dll  6.2.10240.16384  Fusion 2.5
sxshared.dll  6.2.10240.16384  Microsoft® Windows SX Shared Library
sxsstore.dll  6.2.10240.16384  Sxs Store DLL
synccenter.dll  6.2.10240.16384  Microsoft Sync Center
synceng.dll  6.2.10240.16384  Windows Briefcase Engine
synchostps.dll  6.2.10240.16384  Proxystub for sync host
syncinfrastructure.dll  6.2.10240.16384  Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll  6.2.10240.16384  Microsoft Windows sync infrastructure proxy stub.
syncreg.dll  2007.94.10240.16384  Microsoft Synchronization Framework Registration
syncsettings.dll  6.2.10240.16384  Sync Settings
syncui.dll  6.2.10240.16384  Windows Briefcase
syssetup.dll  6.2.10240.16384  Windows NT System Setup
systemcpl.dll  6.2.10240.16389  My System CPL
systemeventsbrokerclient.dll  6.2.10240.16384  system Events Broker Client Library
t2embed.dll  6.2.10240.16384  Microsoft T2Embed Font Embedding
tapi3.dll  6.2.10240.16384  Microsoft TAPI3
tapi32.dll  6.2.10240.16384  Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll  6.2.10240.16384  Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll  6.2.10240.16384  Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll  6.2.10240.16384  Microsoft® Windows(TM) Telephony Server
tapisysprep.dll  6.2.10240.16384  Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll  6.2.10240.16384  Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll  6.2.10240.16384  Task Scheduler Backward Compatibility Plug-in
taskschd.dll  6.2.10240.16384  Task Scheduler COM API
taskschdps.dll  6.2.10240.16384  Task Scheduler Interfaces Proxy
tbauth.dll  6.2.10240.16384  TBAuth protocol handler
tbs.dll  6.2.10240.16384  TBS
tcpipcfg.dll  6.2.10240.16384  Network Configuration Objects
tcpmib.dll  6.2.10240.16384  Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll  6.2.10240.16384  Standard TCP/IP Port Monitor UI DLL
tdh.dll  6.2.10240.16384  Event Trace Helper Library
termmgr.dll  6.2.10240.16384  Microsoft TAPI3 Terminal Manager
tetheringclient.dll  6.2.10240.16431  Tethering Client
textinputframework.dll    
themecpl.dll  6.2.10240.16384  Personalization CPL
themeui.dll  6.2.10240.16384  Windows Theme API
threadpoolwinrt.dll  6.2.10240.16384  Windows WinRT Threadpool
thumbcache.dll  6.2.10240.16384  Microsoft Thumbnail Cache
timebrokerclient.dll  6.2.10240.16384  Time Broker Client Library
timedatemuicallback.dll  6.2.10240.16384  Time Date Control UI Language Change plugin
tlscsp.dll  6.2.10240.16384  Microsoft® Remote Desktop Services Cryptographic Utility
tokenbinding.dll  6.2.10240.16384  Token Binding Protocol
tokenbroker.dll  6.2.10240.16384  Token Broker
tokenbrokerui.dll  6.2.10240.16384  Token Broker UI
tpmcertresources.dll  6.2.10240.16384  TpmCertResources
tpmcompc.dll  6.2.10240.16384  Computer Chooser Dialog
tpmcoreprovisioning.dll  6.2.10240.16384  TPM Core Provisioning Library
tquery.dll  7.0.10240.16431  Microsoft Tripoli Query
traffic.dll  6.2.10240.16384  Microsoft Traffic Control 1.0 DLL
tsbyuv.dll  6.2.10240.16384  Toshiba Video Codec
tschannel.dll  6.2.10240.16384  Task Scheduler Proxy
tsgqec.dll  6.2.10240.16384  RD Gateway QEC
tsmf.dll  6.2.10240.16384  RDP MF Plugin
tspkg.dll  6.2.10240.16384  Web Service Security Package
tsworkspace.dll  6.2.10240.16384  RemoteApp and Desktop Connection Component
ttlsauth.dll  6.2.10240.16384  EAP TTLS run-time dll
ttlscfg.dll  6.2.10240.16384  EAP TTLS configuration dll
ttlsext.dll  6.2.10240.16384  Windows Extension library for EAP TTLS
tvratings.dll  6.2.10240.16384  Module for managing TV ratings
twext.dll  6.2.10240.16384  Previous Versions property page
twinapi.appcore.dll  6.2.10240.16397  twinapi.appcore
twinapi.dll  6.2.10240.16384  twinapi
twinui.appcore.dll  6.2.10240.16412  TWINUI.APPCORE
twinui.dll  6.2.10240.16412  TWINUI
txflog.dll  2001.12.10941.16384  COM+
txfw32.dll  6.2.10240.16384  TxF Win32 DLL
typelib.dll  3.10.0.103  Windows Win16 Application Launcher
tzres.dll  6.2.10240.16384  Time Zones resource DLL
ucmhc.dll  6.2.10240.16384  UCM Helper Class
ucrtbase.dll  6.2.10240.16384  Microsoft® C Runtime Library
udhisapi.dll  6.2.10240.16384  UPnP Device Host ISAPI Extension
uexfat.dll  6.2.10240.16384  eXfat Utility DLL
ufat.dll  6.2.10240.16384  FAT Utility DLL
uianimation.dll  6.2.10240.16384  Windows Animation Manager
uiautomationcore.dll  7.2.10240.16431  Microsoft UI Automation Core
uiautomationcoreres.dll  7.2.10240.16384  Microsoft UI Automation Core Resource
uicom.dll  6.2.10240.16384  Add/Remove Modems
uireng.dll  6.2.10240.16384  UI Recording Engine Library
uiribbon.dll  6.2.10240.16393  Windows Ribbon Framework
uiribbonres.dll  6.2.10240.16393  Windows Ribbon Framework Resources
ulib.dll  6.2.10240.16384  File Utilities Support DLL
umdmxfrm.dll  6.2.10240.16384  Unimodem Tranform Module
unimdmat.dll  6.2.10240.16384  Unimodem Service Provider AT Mini Driver
uniplat.dll  6.2.10240.16384  Unimodem AT Mini Driver Platform Driver for Windows NT
unistore.dll  6.2.10240.16401  Unified Store
untfs.dll  6.2.10240.16384  NTFS Utility DLL
updatepolicy.dll  6.2.10240.16384  Update Policy Reader
upnp.dll  6.2.10240.16384  UPnP Control Point API
upnphost.dll  6.2.10240.16384  UPnP Device Host
urefs.dll  6.2.10240.16384  NTFS Utility DLL
urefsv1.dll  6.2.10240.16384  NTFS Utility DLL
ureg.dll  6.2.10240.16384  Registry Utility DLL
url.dll  11.0.10240.16384  Internet Shortcut Shell Extension DLL
urlmon.dll  11.0.10240.16391  OLE32 Extensions for Win32
usbceip.dll  6.2.10240.16384  USBCEIP Task
usbperf.dll  6.2.10240.16384  USB Performance Objects DLL
usbui.dll  6.2.10240.16384  USB UI Dll
user32.dll  6.2.10240.16384  Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll  6.2.10240.16384  UserAccountControlSettings
usercpl.dll  6.2.10240.16384  User control panel
userdataaccessres.dll  6.2.10240.16384  Resource DLL for the UserDataAccess stack
userdataaccountapis.dll  6.2.10240.16384  DLL for UserDataAccountsRT
userdatalanguageutil.dll  6.2.10240.16384  Language-related helper functions for user data
userdataplatformhelperutil.dll  6.2.10240.16384  Platform Utilities for data access
userdatatimeutil.dll  6.2.10240.16384  Time-related helper functions for user data
userdatatypehelperutil.dll  6.2.10240.16384  Type Utilities for data access
userdeviceregistration.dll  6.2.10240.16384  AAD User Device Registration WinRT
userdeviceregistration.ngc.dll  6.2.10240.16384  AD/AAD User Device Registration WinRT
userenv.dll  6.2.10240.16384  Userenv
userinitext.dll  6.2.10240.16384  UserInit Utility Extension DLL
userlanguageprofilecallback.dll  6.2.10240.16384  MUI Callback for User Language profile changed
userlanguagescpl.dll  6.2.10240.16384  My Languages Configuration Control Panel
usermgrcli.dll  6.2.10240.16384  UserMgr API DLL
usermgrproxy.dll  6.2.10240.16431  UserMgrProxy
usp10.dll  6.2.10240.16384  Uniscribe Unicode script processor
ustprov.dll  6.2.10240.16384  User State WMI Provider
utildll.dll  6.2.10240.16384  WinStation utility support DLL
uudf.dll  6.2.10240.16384  UDF Utility DLL
uxinit.dll  6.2.10240.16384  Windows User Experience Session Initialization Dll
uxlib.dll  6.2.10240.16384  Setup Wizard Framework
uxlibres.dll  6.2.10240.16384  UXLib Resources
uxtheme.dll  6.2.10240.16397  Microsoft UxTheme Library
van.dll  6.2.10240.16384  View Available Networks
vault.dll  6.2.10240.16384  Windows vault Control Panel
vaultcli.dll  6.2.10240.16384  Credential Vault Client Library
vbajet32.dll  6.0.1.9431  Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll  5.812.10240.16384  Microsoft ® VBScript
vcardparser.dll  6.2.10240.16384  Supports the parsing of VCard and ICal formatted data
vccorlib110.dll  11.0.50727.1  Microsoft ® VC WinRT core library
vccorlib120.dll  12.0.21005.1  Microsoft ® VC WinRT core library
vdmdbg.dll  6.2.10240.16384  VDMDBG.DLL
vds_ps.dll  6.2.10240.16384  Microsoft® Virtual Disk Service proxy/stub
vedatalayerhelpers.dll  6.2.10240.16425  Visual Element DataLayer Helpers
veeventdispatcher.dll  6.2.10240.16425  Visual Element Event dispatcher
verifier.dll  6.2.10240.16384  Standard application verifier provider dll
version.dll  6.2.10240.16384  Version Checking and File Installation Libraries
vfwwdm32.dll  6.2.10240.16384  VfW MM Driver for WDM Video Capture Devices
vidreszr.dll  6.2.10240.16384  Windows Media Resizer
virtdisk.dll  6.2.10240.16384  Virtual Disk API DLL
voiceactivationmanager.dll  6.2.10240.16412  Windows Voice Activation Manager
vpnikeapi.dll  6.2.10240.16384  VPN IKE API's
vscmgrps.dll  6.2.10240.16384  Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll  6.2.10240.16384  Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll  6.2.10240.16384  Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll  6.2.10240.16384  Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll  6.2.10240.16384  Windows NT Topology Maintenance Tool
wab32.dll  6.2.10240.16384  Microsoft (R) Contacts DLL
wab32res.dll  6.2.10240.16384  Microsoft (R) Contacts DLL
wabsyncprovider.dll  6.2.10240.16384  Microsoft Windows Contacts Sync Provider
walletbackgroundserviceproxy.dll  6.2.10240.16384  Wallet Background Proxy
walletproxy.dll  6.2.10240.16384  Wallet proxy
wavemsp.dll  6.2.10240.16384  Microsoft Wave MSP
wbemcomn.dll  6.2.10240.16384  WMI
wcmapi.dll  6.2.10240.16384  Windows Connection Manager Client API
wcnapi.dll  6.2.10240.16384  Windows Connect Now - API Helper DLL
wcnwiz.dll  6.2.10240.16384  Windows Connect Now Wizards
wcspluginservice.dll  6.2.10240.16384  WcsPlugInService DLL
wdc.dll  6.2.10240.16384  Performance Monitor
wdi.dll  6.2.10240.16384  Windows Diagnostic Infrastructure
wdigest.dll  6.2.10240.16384  Microsoft Digest Access
wdscore.dll  6.2.10240.16384  Panther Engine Module
webcamui.dll  6.2.10240.16384  Microsoft® Windows® Operating System
webcheck.dll  11.0.10240.16384  Web Site Monitor
webclnt.dll  6.2.10240.16384  Web DAV Service DLL
webio.dll  6.2.10240.16384  Web Transfer Protocols API
webservices.dll  6.2.10240.16384  Windows Web Services Runtime
websocket.dll  6.2.10240.16384  Web Socket API
wecapi.dll  6.2.10240.16384  Event Collector Configuration API
wer.dll  6.2.10240.16384  Windows Error Reporting DLL
werdiagcontroller.dll  6.2.10240.16384  WER Diagnostic Controller
weretw.dll    
werui.dll  6.2.10240.16384  Windows Error Reporting UI DLL
wevtapi.dll  6.2.10240.16384  Eventing Consumption and Configuration API
wevtfwd.dll  6.2.10240.16384  WS-Management Event Forwarding Plug-in
wfapigp.dll  6.2.10240.16384  Windows Firewall GPO Helper dll
wfdprov.dll  6.2.10240.16384  Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll  6.2.10240.16384  Windows Firewall Helper Class
whhelper.dll  6.2.10240.16384  Net shell helper DLL for winHttp
wiaaut.dll  6.2.10240.16384  WIA Automation Layer
wiadefui.dll  6.2.10240.16384  WIA Scanner Default UI
wiadss.dll  6.2.10240.16384  WIA TWAIN compatibility layer
wiascanprofiles.dll  6.2.10240.16384  Microsoft Windows ScanProfiles
wiashext.dll  6.2.10240.16384  Imaging Devices Shell Folder UI
wiatrace.dll  6.2.10240.16384  WIA Tracing
wifidisplay.dll  6.2.10240.16384  Wi-Fi Display DLL
wimgapi.dll  6.2.10240.16401  Windows Imaging Library
winbio.dll  6.2.10240.16384  Windows Biometrics Client API
winbioext.dll  6.2.10240.16384  Windows Biometrics Client Extension API
winbrand.dll  6.2.10240.16384  Windows Branding Resources
wincorlib.dll  6.2.10240.16384  Microsoft Windows ® WinRT core library
wincredprovider.dll  6.2.10240.16384  wincredprovider DLL
windows.accountscontrol.dll  6.2.10240.16384  Windows Accounts Control
windows.applicationmodel.background.systemeventsbroker.dll  6.2.10240.16384  Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll  6.2.10240.16384  Windows Background Time Broker API Server
windows.applicationmodel.core.dll  6.2.10240.16384  Windows Application Model Core API
windows.applicationmodel.dll  6.2.10240.16384  Windows ApplicationModel API Server
windows.applicationmodel.lockscreen.dll  6.2.10240.16425  Windows Lock Application Framework DLL
windows.applicationmodel.store.dll  6.2.10240.16431  Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll  6.2.10240.16431  Windows Store Testing Framework Runtime DLL
windows.applicationmodel.wallet.dll  6.2.10240.16384  Windows ApplicationModel Wallet Runtime DLL
windows.data.pdf.dll  6.2.10240.16384  PDF WinRT APIs
windows.devices.alljoyn.dll  6.2.10240.16384  Windows.Devices.AllJoyn DLL
windows.devices.background.dll  6.2.10240.16384  Windows.Devices.Background
windows.devices.background.ps.dll  6.2.10240.16384  Windows.Devices.Background Interface Proxy
windows.devices.bluetooth.dll  6.2.10240.16397  Windows.Devices.Bluetooth DLL
windows.devices.custom.dll  6.2.10240.16384  Windows.Devices.Custom
windows.devices.custom.ps.dll  6.2.10240.16384  Windows.Devices.Custom Interface Proxy
windows.devices.enumeration.dll  6.2.10240.16384  Windows.Devices.Enumeration
windows.devices.humaninterfacedevice.dll  6.2.10240.16384  Windows.Devices.HumanInterfaceDevice DLL
windows.devices.lights.dll  6.2.10240.16384  Windows Runtime Lights DLL
windows.devices.midi.dll  6.2.10240.16384  Windows Runtime MIDI Device server DLL
windows.devices.perception.dll  6.2.10240.16384  Windows Devices Perception API
windows.devices.picker.dll  6.2.10240.16384  Device Picker
windows.devices.pointofservice.dll  6.2.10240.16384  Windows Runtime PointOfService DLL
windows.devices.portable.dll  6.2.10240.16384  Windows Runtime Portable Devices DLL
windows.devices.printers.dll  6.2.10240.16384  Windows Runtime Devices Printers DLL
windows.devices.printers.extensions.dll  6.2.10240.16384  Windows.Devices.Printers.Extensions
windows.devices.radios.dll  6.2.10240.16384  Windows.Devices.Radios DLL
windows.devices.scanners.dll  6.2.10240.16384  Windows Runtime Devices Scanners DLL
windows.devices.sensors.dll  6.2.10240.16392  Windows Runtime Sensors DLL
windows.devices.serialcommunication.dll  6.2.10240.16384  Windows.Devices.SerialCommunication DLL
windows.devices.smartcards.dll  6.2.10240.16384  Windows Runtime Smart Card API DLL
windows.devices.usb.dll  6.2.10240.16384  Windows Runtime Usb DLL
windows.devices.wifi.dll  6.2.10240.16384  Windows.Devices.WiFi DLL
windows.devices.wifidirect.dll  6.2.10240.16384  Windows.Devices.WiFiDirect DLL
windows.energy.dll  6.2.10240.16384  Windows Energy Runtime DLL
windows.gaming.input.dll  6.2.10240.16384  Windows Gaming Input API
windows.gaming.preview.dll  6.2.10240.16384  Windows Gaming API Preview
windows.gaming.xboxlive.storage.dll  6.2.10240.16384  Xbox Connected Storage WinRT implementation
windows.globalization.dll  6.2.10240.16384  Windows Globalization
windows.globalization.fontgroups.dll  6.2.10240.16384  Fonts Mapping API
windows.graphics.dll  6.2.10240.16384  WinRT Windows Graphics DLL
windows.graphics.printing.3d.dll  6.2.10240.16384  Microsoft Windows Printing Support
windows.graphics.printing.dll  6.2.10240.16384  Microsoft Windows Printing Support
windows.internal.bluetooth.dll  6.2.10240.16397  Windows.Internal.Bluetooth DLL
windows.internal.management.dll  6.2.10240.16384  Windows Managent Service DLL
windows.management.lockdown.dll  6.2.10240.16384  Windows Runtime Lockdown Management DLL
windows.management.workplace.workplacesettings.dll  6.2.10240.16384  Windows Runtime WorkplaceSettings DLL
windows.media.audio.dll  6.2.10240.16384  Windows Runtime Window Media Audio server DLL
windows.media.backgroundmediaplayback.dll  6.2.10240.16384  Windows Media BackgroundMediaPlayback DLL
windows.media.devices.dll  6.2.10240.16384  Windows Runtime media device server DLL
windows.media.dll  6.2.10240.16401  Windows Media Runtime DLL
windows.media.editing.dll  6.2.10240.16393  Windows Media Editing DLL
windows.media.faceanalysis.dll  6.2.10240.16384  Microsoft (R) Face Detection DLL
windows.media.import.dll  6.2.10240.16393  Windows Photo Import API (WinRT/COM)
windows.media.mediacontrol.dll  6.2.10240.16384  Windows Runtime MediaControl server DLL
windows.media.ocr.dll  6.2.10240.16384  Windows OCR Runtime DLL
windows.media.playback.backgroundmediaplayer.dll  6.2.10240.16384  Windows Media Playback BackgroundMediaPlayer DLL
windows.media.playback.mediaplayer.dll  6.2.10240.16384  Windows Media Playback MediaPlayer DLL
windows.media.playback.proxystub.dll  6.2.10240.16384  BackgroundMediaPlayer Proxy Stub DLL
windows.media.protection.playready.dll  3.0.2777.0  Microsoft PlayReady Client Framework Dll
windows.media.speech.dll  6.2.10240.16425  Windows Speech Runtime DLL
windows.media.speech.uxres.dll  6.2.10240.16384  Windows Media Speech UX Resources DLL
windows.media.streaming.dll  12.0.10240.16384  DLNA DLL
windows.media.streaming.ps.dll  12.0.10240.16384  DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll  6.2.10240.16384  Background Transfer Background Manager Policy DLL
windows.networking.backgroundtransfer.dll  6.2.10240.16384  Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll  6.2.10240.16401  Windows Networking Connectivity Runtime DLL
windows.networking.dll  6.2.10240.16384  Windows.Networking DLL
windows.networking.hostname.dll  6.2.10240.16384  Windows.Networking.HostName DLL
windows.networking.networkoperators.hotspotauthentication.dll  6.2.10240.16384  Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll  6.2.10240.16384  Windows Runtime Proximity API DLL
windows.networking.servicediscovery.dnssd.dll  6.2.10240.16384  Windows.Networking.ServiceDiscovery.Dnssd DLL
windows.networking.sockets.pushenabledapplication.dll  6.2.10240.16384  Windows.Networking.Sockets.PushEnabledApplication DLL
windows.networking.xboxlive.proxystub.dll  6.2.10240.16384  Windows.Networking.XboxLive Proxy Stub Dll
windows.security.authentication.onlineid.dll  6.2.10240.16384  Windows Runtime OnlineId Authentication DLL
windows.security.authentication.web.core.dll  6.2.10240.16384  Token Broker WinRT API
windows.security.credentials.ui.credentialpicker.dll  6.2.10240.16384  WinRT Credential Picker Server
windows.security.credentials.ui.userconsentverifier.dll  6.2.10240.16384  Windows User Consent Verifier API
windows.shell.search.urihandler.dll  6.2.10240.16384  Windows Search URI Handler
windows.shell.servicehostbuilder.dll  6.2.10240.16384  Windows.Shell.ServiceHostBuilder
windows.speech.pal.dll  6.2.10240.16384  Speech Platform Adaptation Layer DLL
windows.staterepository.dll  6.2.10240.16384  Windows StateRepository API Server
windows.staterepositorybroker.dll  6.2.10240.16384  Windows StateRepository API Broker
windows.staterepositoryclient.dll  6.2.10240.16384  Windows StateRepository API Broker
windows.storage.applicationdata.dll  6.2.10240.16384  Windows Application Data API Server
windows.storage.compression.dll  6.2.10240.16384  WinRT Compression
windows.storage.dll  6.2.10240.16405  Microsoft WinRT Storage API
windows.storage.search.dll  6.2.10240.16384  Windows.Storage.Search
windows.system.diagnostics.dll  6.2.10240.16384  Windows System Diagnostics DLL
windows.system.launcher.dll  6.2.10240.16384  Windows.System.Launcher
windows.system.profile.hardwareid.dll  6.2.10240.16384  Windows System Profile HardwareId DLL
windows.system.profile.retailinfo.dll  6.2.10240.16384  Windows.System.Profile.RetailInfo Runtime DLL
windows.system.profile.systemmanufacturers.dll  6.2.10240.16384  Windows.System.Profile.SystemManufacturers
windows.system.remotedesktop.dll  6.2.10240.16384  Windows System RemoteDesktop Runtime DLL
windows.system.systemmanagement.dll  6.2.10240.16384  Windows Runtime SystemManagement DLL
windows.ui.biofeedback.dll  6.2.10240.16386  Bio Feedback User Experience
windows.ui.blockedshutdown.dll  6.2.10240.16386  Blocked Shutdown User Experience
windows.ui.core.textinput.dll  6.2.10240.16431  Windows.UI.Core.TextInput dll
windows.ui.cred.dll  6.2.10240.16391  Credential Prompt User Experience
windows.ui.dll  6.2.10240.16384  Windows Runtime UI Foundation DLL
windows.ui.immersive.dll  6.2.10240.16397  WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll  6.2.10240.16384  WinRT Windows Inking DLL
windows.ui.logon.dll  6.2.10240.16431  Logon User Experience
windows.ui.search.dll  6.2.10240.16386  Windows.UI.Search
windows.ui.xaml.dll  6.2.10240.16431  Windows.UI.Xaml dll
windows.ui.xaml.maps.dll  6.2.10240.16384  Windows UI XAML Maps API
windows.ui.xaml.phone.dll  6.2.10240.16384  Windows UI XAML Phone API
windows.ui.xaml.resources.dll  6.2.10240.16384  Windows.UI.Xaml.Resources dll
windows.web.diagnostics.dll  6.2.10240.16384  Windows.Web.Diagnostics
windows.web.dll  6.2.10240.16384  Web Client DLL
windows.web.http.dll  6.2.10240.16384  Windows.Web.Http DLL
windowscodecs.dll  6.2.10240.16384  Microsoft Windows Codecs Library
windowscodecsext.dll  6.2.10240.16384  Microsoft Windows Codecs Extended Library
windowscodecsraw.dll  6.2.10240.16384  Microsoft Camera Codec Pack
windowslivelogin.dll  6.2.10240.16384  Microsoft® Account Login Helper
winfax.dll  6.2.10240.16384  Microsoft Fax API Support DLL
winhttp.dll  6.2.10240.16391  Windows HTTP Services
wininet.dll  11.0.10240.16391  Internet Extensions for Win32
wininitext.dll  6.2.10240.16384  WinInit Utility Extension DLL
winipcfile.dll  6.2.10240.16384  Microsoft Active Directory Rights Management Services File API
winipcsecproc.dll  6.2.10240.16384  Microsoft Active Directory Rights Management Services Desktop Security Processor
winipcsecproc_ssp.dll  6.2.10240.16384  Microsoft Active Directory Rights Management Services Server Security Processor
winipsec.dll  6.2.10240.16384  Windows IPsec SPD Client DLL
winlangdb.dll  6.2.10240.16384  Windows Bcp47 Language Database
winmde.dll  12.0.10240.16412  WinMDE DLL
winmm.dll  6.2.10240.16384  MCI API DLL
winmmbase.dll  6.2.10240.16384  Base Multimedia Extension API DLL
winmsipc.dll  6.2.10240.16384  Microsoft Active Directory Rights Management Services Client
winmsoirmprotector.dll  6.2.10240.16384  Windows Office file format IRM Protector
winnlsres.dll  6.2.10240.16384  NLSBuild resource DLL
winnsi.dll  6.2.10240.16384  Network Store Information RPC interface
winopcirmprotector.dll  6.2.10240.16384  Windows Office file format IRM Protector
winrnr.dll  6.2.10240.16384  LDAP RnR Provider DLL
winrscmd.dll  6.2.10240.16384  remtsvc
winrsmgr.dll  6.2.10240.16384  WSMan Shell API
winrssrv.dll  6.2.10240.16384  winrssrv
winrttracing.dll  6.2.10240.16384  Windows Diagnostics Tracing
winsatapi.dll  6.2.10240.16384  Windows System Assessment Tool API
winscard.dll  6.2.10240.16384  Microsoft Smart Card API
winshfhc.dll  6.2.10240.16384  File Risk Estimation
winsku.dll  6.2.10240.16384  Windows SKU Library
winsockhc.dll  6.2.10240.16384  Winsock Network Diagnostic Helper Class
winsqlite3.dll  3.8.8.3  SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
winsrpc.dll  6.2.10240.16384  WINS RPC LIBRARY
winsta.dll  6.2.10240.16384  Winstation Library
winsync.dll  2007.94.10240.16384  Synchronization Framework
winsyncmetastore.dll  2007.94.10240.16384  Windows Synchronization Metadata Store
winsyncproviders.dll  2007.94.10240.16384  Windows Synchronization Provider Framework
wintrust.dll  6.2.10240.16385  Microsoft Trust Verification APIs
wintypes.dll  6.2.10240.16384  Windows Base Types DLL
winusb.dll  6.2.10240.16384  Windows USB Driver User Library
wisp.dll  6.2.10240.16384  Microsoft Pen and Touch Input Component
wkscli.dll  6.2.10240.16384  Workstation Service Client DLL
wkspbrokerax.dll  6.2.10240.16384  Microsoft Workspace Broker ActiveX Control
wksprtps.dll  6.2.10240.16384  WorkspaceRuntime ProxyStub DLL
wlanapi.dll  6.2.10240.16384  Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll  6.2.10240.16384  Wlan Netsh Helper DLL
wlanconn.dll  6.2.10240.16384  Dot11 Connection Flows
wlandlg.dll  6.2.10240.16384  Wireless Lan Dialog Wizards
wlangpui.dll  6.2.10240.16384  Wireless Network Policy Management Snap-in
wlanhlp.dll  6.2.10240.16384  Windows Wireless LAN 802.11 Client Side Helper API
wlanmm.dll  6.2.10240.16384  Dot11 Media and AdHoc Managers
wlanmsm.dll  6.2.10240.16384  Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll  6.2.10240.16384  Wireless Preferred Networks
wlansec.dll  6.2.10240.16384  Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll  6.2.10240.16384  Wireless Profile UI
wlanutil.dll  6.2.10240.16384  Windows Wireless LAN 802.11 Utility DLL
wldap32.dll  6.2.10240.16384  Win32 LDAP API DLL
wldp.dll  6.2.10240.16384  Windows Lockdown Policy
wlgpclnt.dll  6.2.10240.16384  802.11 Group Policy Client
wlidcli.dll  6.2.10240.16384  Microsoft® Account Dynamic Link Library
wlidcredprov.dll  6.2.10240.16384  Microsoft® Account Credential Provider
wlidfdp.dll  6.2.10240.16384  Microsoft® Account Function Discovery Provider
wlidnsp.dll  6.2.10240.16384  Microsoft® Account Namespace Provider
wlidprov.dll  6.2.10240.16384  Microsoft® Account Provider
wlidres.dll  6.2.10240.16384  Microsoft® Windows Live ID Resource
wls0wndh.dll  6.2.10240.16384  Session0 Viewer Window Hook DLL
wmadmod.dll  6.2.10240.16384  Windows Media Audio Decoder
wmadmoe.dll  6.2.10240.16384  Windows Media Audio 10 Encoder/Transcoder
wmasf.dll  12.0.10240.16384  Windows Media ASF DLL
wmcodecdspps.dll  6.2.10240.16384  Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll  12.0.10240.16384  Windows Media Device Manager Logger
wmdmps.dll  12.0.10240.16384  Windows Media Device Manager Proxy Stub
wmdrmdev.dll  12.0.10240.16384  Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll  12.0.10240.16384  Windows Media DRM for Network Devices DLL
wmdrmsdk.dll  11.0.10240.16384  Windows Media DRM SDK DLL
wmerror.dll  12.0.10240.16384  Windows Media Error Definitions (English)
wmi.dll  6.2.10240.16384  WMI DC and DP functionality
wmiclnt.dll  6.2.10240.16384  WMI Client API
wmidcom.dll  6.2.10240.16384  WMI
wmidx.dll  12.0.10240.16384  Windows Media Indexer DLL
wmiprop.dll  6.2.10240.16384  WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll  6.2.10240.16384  CIM Provider Adapter
wmnetmgr.dll  12.0.10240.16384  Windows Media Network Plugin Manager DLL
wmp.dll  12.0.10240.16397  Windows Media Player
wmpdui.dll  12.0.10240.16384  Windows Media Player UI Engine
wmpdxm.dll  12.0.10240.16384  Windows Media Player Extension
wmpeffects.dll  12.0.10240.16384  Windows Media Player Effects
wmphoto.dll  6.2.10240.16384  Windows Media Photo Codec
wmploc.dll  12.0.10240.16384  Windows Media Player Resources
wmpps.dll  12.0.10240.16384  Windows Media Player Proxy Stub Dll
wmpshell.dll  12.0.10240.16384  Windows Media Player Launcher
wmsgapi.dll  6.2.10240.16384  WinLogon IPC Client
wmspdmod.dll  6.2.10240.16384  Windows Media Audio Voice Decoder
wmspdmoe.dll  6.2.10240.16384  Windows Media Audio Voice Encoder
wmvcore.dll  12.0.10240.16384  Windows Media Playback/Authoring DLL
wmvdecod.dll  6.2.10240.16384  Windows Media Video Decoder
wmvdspa.dll  6.2.10240.16384  Windows Media Video DSP Components - Advanced
wmvencod.dll  6.2.10240.16384  Windows Media Video 9 Encoder
wmvsdecd.dll  6.2.10240.16384  Windows Media Screen Decoder
wmvsencd.dll  6.2.10240.16384  Windows Media Screen Encoder
wmvxencd.dll  6.2.10240.16384  Windows Media Video Encoder
wofutil.dll  6.2.10240.16384  Windows Overlay File System Filter user mode API
wordbreakers.dll    
workfoldersres.dll  6.2.9200.16384  Work Folders Resources
wow32.dll  6.2.10240.16384  Wow32
wpbcreds.dll  6.2.10240.16384  WP 8.1 upgrade support utility
wpc.dll  6.2.10240.16384  WPC Settings Library
wpdshext.dll  6.2.10240.16384  Portable Devices Shell Extension
wpdshserviceobj.dll  6.2.10240.16384  Windows Portable Device Shell Service Object
wpdsp.dll  6.2.10240.16384  WMDM Service Provider for Windows Portable Devices
wpkbdlayout.dll    
wpnapps.dll  6.2.10240.16412  Windows Push Notification Apps
wpportinglibrary.dll  6.2.10240.16384  <d> DLL
ws2_32.dll  6.2.10240.16384  Windows Socket 2.0 32-Bit DLL
ws2help.dll  6.2.10240.16384  Windows Socket 2.0 Helper for Windows NT
wscapi.dll  6.2.10240.16384  Windows Security Center API
wscinterop.dll  6.2.10240.16384  Windows Health Center WSC Interop
wscisvif.dll  6.2.10240.16384  Windows Security Center ISV API
wsclient.dll  6.2.10240.16384  Windows Store Licensing Client
wscproxystub.dll  6.2.10240.16384  Windows Security Center ISV Proxy Stub
wsdapi.dll  6.2.10240.16384  Web Services for Devices API DLL
wsdchngr.dll  6.2.10240.16384  WSD Challenge Component
wsecedit.dll  6.2.10240.16384  Security Configuration UI Module
wshbth.dll  6.2.10240.16384  Windows Sockets Helper DLL
wshcon.dll  5.812.10240.16384  Microsoft ® Windows Script Controller
wshelper.dll  6.2.10240.16384  Winsock Net shell helper DLL for winsock
wshext.dll  5.812.10240.16384  Microsoft ® Shell Extension for Windows Script Host
wship6.dll  6.2.10240.16384  Winsock2 Helper DLL (TL/IPv6)
wshirda.dll  6.2.10240.16384  Windows Sockets Helper DLL
wshqos.dll  6.2.10240.16384  QoS Winsock2 Helper DLL
wshrm.dll  6.2.10240.16384  Windows Sockets Helper DLL for PGM
wshtcpip.dll  6.2.10240.16384  Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll  6.2.10240.16384  WinRM Agent
wsmanmigrationplugin.dll  6.2.10240.16384  WinRM Migration Plugin
wsmauto.dll  6.2.10240.16384  WSMAN Automation
wsmplpxy.dll  6.2.10240.16384  wsmplpxy
wsmres.dll  6.2.10240.16384  WSMan Resource DLL
wsmsvc.dll  6.2.10240.16384  WSMan Service
wsmwmipl.dll  6.2.10240.16384  WSMAN WMI Provider
wsnmp32.dll  6.2.10240.16384  Microsoft WinSNMP v2.0 Manager API
wsock32.dll  6.2.10240.16384  Windows Socket 32-Bit DLL
wsp_fs.dll  6.2.10240.16384  Windows Storage Provider for FileShare management
wsp_health.dll  6.2.10240.16384  Windows Storage Provider for Health Agent API
wsp_sr.dll  6.2.10240.16384  Windows Storage Provider for Storage Replication management
wsshared.dll  6.2.10240.16384  WSShared DLL
wssync.dll  6.2.10240.16384  Windows Store Licensing Sync Client
wtsapi32.dll  6.2.10240.16384  Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll  6.2.10240.16397  Windows Update Client API
wudriver.dll  6.2.10240.16384  Windows Update WUDriver Stub
wups.dll  6.2.10240.16384  Windows Update client proxy stub
wvc.dll  6.2.10240.16384  Windows Visual Components
wwaapi.dll  6.2.10240.16384  Microsoft Web Application Host API library
wwaext.dll  6.2.10240.16384  Microsoft Web Application Host Extension library
wwanapi.dll  6.2.10240.16384  Mbnapi
wwapi.dll  8.1.10240.16384  WWAN API
xamldiagnostics.dll  6.2.10240.16384  Xaml Diagnostics
xaudio2_8.dll  6.2.10240.16384  XAudio2 Game Audio API
xaudio2_9.dll  6.2.10240.16384  XAudio2 Game Audio API
xblauthmanagerproxy.dll  6.2.10240.16384  XblAuthManagerProxy
xblauthtokenbrokerext.dll  6.2.10240.16384  Xbox Live Token Broker Extension
xblgamesaveproxy.dll  6.2.10240.16384  Xbox Connected Storage Service Proxies and Stubs
xinput1_4.dll  6.2.10240.16384  Microsoft Common Controller API
xinput9_1_0.dll  6.2.10240.16384  XNA Common Controller
xinputuap.dll  6.2.10240.16384  Microsoft Common Controller API
xmlfilter.dll  2008.0.10240.16384  XML Filter
xmllite.dll  6.2.10240.16384  Microsoft XmlLite Library
xmlprovi.dll  6.2.10240.16384  Network Provisioning Service Client API
xolehlp.dll  2001.12.10941.16384  Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsdocumenttargetprint.dll  6.2.10240.16384  XPS DocumentTargetPrint DLL
xpsfilt.dll  6.2.10240.16384  XML Paper Specification Document IFilter
xpsgdiconverter.dll  6.2.10240.16384  XPS to GDI Converter
xpsprint.dll  6.2.10240.16384  XPS Printing DLL
xpsrasterservice.dll  6.2.10240.16384  XPS Rasterization Service Component
xpsservices.dll  6.2.10240.16384  Xps Object Model in memory creation and deserialization
xpsshhdr.dll  6.2.10240.16384  OPC Shell Metadata Handler
xwizards.dll  6.2.10240.16384  Extensible Wizards Manager Module
xwreg.dll  6.2.10240.16384  Extensible Wizard Registration Manager Module
xwtpdui.dll  6.2.10240.16384  Extensible Wizard Type Plugin for DUI
xwtpw32.dll  6.2.10240.16384  Extensible Wizard Type Plugin for Win32
zipfldr.dll  6.2.10240.16384  Compressed (zipped) Folders
ztrace_ca.dll  6.2.10240.16384  Ztrace_ca DLL
ztrace_maps.dll  6.2.10240.16384  ZTrace Event Resources


Certificates

 
[ Certificate Authorities / Microsoft IT SSL SHA2 ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  A9 9A 27 07
Validity  19/12/2013 - 19/12/2017
MD5 Hash  8C1214A3C3A222F6F5E9A67E37756254
SHA1 Hash  948E1652586240D453287AB69CAEB8F2F4F02117
 
Issuer Properties:
Common Name  Baltimore CyberTrust Root
Organization  Baltimore
Organizational Unit  CyberTrust
Country  Ireland
 
Subject Properties:
Common Name  Microsoft IT SSL SHA2
Organization  Microsoft Corporation
Organizational Unit  Microsoft IT
Country  United States
Locality Name  Redmond
State/Province  Washington
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]
 
Certificate Properties:
Version  V3
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  A0 69 FE 8F 9A 3F D1 11 8B 19
Validity  01/10/1997 - 31/12/2002
MD5 Hash  09C254BDE4EA50F26D1497F29C51AF6D
SHA1 Hash  109F1CAED645BB78B3EA2B94C0697C740733031C
 
Issuer Properties:
Common Name  Microsoft Root Authority
Organizational Unit  Copyright (c) 1997 Microsoft Corp.
Organizational Unit  Microsoft Corporation
 
Subject Properties:
Common Name  Microsoft Windows Hardware Compatibility
Organizational Unit  Copyright (c) 1997 Microsoft Corp.
Organizational Unit  Microsoft Windows Hardware Compatibility Intermediate CA
Organizational Unit  Microsoft Corporation
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Certificate Authorities / Root Agency ]
 
Certificate Properties:
Version  V3
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
Validity  29/05/1996 - 01/01/2040
MD5 Hash  C0A723F0DA35026B21EDB17597F1D470
SHA1 Hash  FEE449EE0E3965A5246F000E87FDE2A065FD89D4
 
Issuer Properties:
Common Name  Root Agency
 
Subject Properties:
Common Name  Root Agency
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
Validity  17/04/1997 - 25/10/2016
MD5 Hash  ACD80EA27BB72CE700DC22724A5F1E92
SHA1 Hash  D559A586669B08F46A30A133F8A9ED3D038E2EA8
 
Issuer Properties:
Organization  VeriSign, Inc.
Organizational Unit  Class 3 Public Primary Certification Authority
Country  United States
 
Subject Properties:
Organization  VeriSign Trust Network
Organizational Unit  VeriSign, Inc.
Organizational Unit  VeriSign International Server CA - Class 3
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Baltimore CyberTrust Root ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  B9 00 00 02
Validity  12/05/2000 - 13/05/2025
MD5 Hash  ACB694A59C17E0D791529BB19706A6E4
SHA1 Hash  D4DE20D05E66FC53FE1A50882C78DB2852CAE474
 
Issuer Properties:
Common Name  Baltimore CyberTrust Root
Organization  Baltimore
Organizational Unit  CyberTrust
Country  Ireland
 
Subject Properties:
Common Name  Baltimore CyberTrust Root
Organization  Baltimore
Organizational Unit  CyberTrust
Country  Ireland
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / DigiCert ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
Validity  10/11/2006 - 10/11/2031
MD5 Hash  87CE0B7B2A0E4900E158719B37A89372
SHA1 Hash  0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
 
Issuer Properties:
Common Name  DigiCert Assured ID Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Subject Properties:
Common Name  DigiCert Assured ID Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / DigiCert ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
Validity  10/11/2006 - 10/11/2031
MD5 Hash  79E4A9840D7D3A96D7C04FE2434C892E
SHA1 Hash  A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
 
Issuer Properties:
Common Name  DigiCert Global Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Subject Properties:
Common Name  DigiCert Global Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / DigiCert ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
Validity  10/11/2006 - 10/11/2031
MD5 Hash  D474DE575C39B2D39C8583C5C065498A
SHA1 Hash  5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
 
Issuer Properties:
Common Name  DigiCert High Assurance EV Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Subject Properties:
Common Name  DigiCert High Assurance EV Root CA
Organization  DigiCert Inc
Organizational Unit  www.digicert.com
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Entrust (2048) ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  F8 DE 63 38
Validity  24/12/1999 - 24/07/2029
MD5 Hash  EE2931BC327E9AE6E8B5F751B4347190
SHA1 Hash  503006091D97D4F5AE39F7CBE7927D7D652D3431
 
Issuer Properties:
Common Name  Entrust.net Certification Authority (2048)
Organization  Entrust.net
Organizational Unit  www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
Organizational Unit  (c) 1999 Entrust.net Limited
 
Subject Properties:
Common Name  Entrust.net Certification Authority (2048)
Organization  Entrust.net
Organizational Unit  www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
Organizational Unit  (c) 1999 Entrust.net Limited
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / GeoTrust Global CA ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  56 34 02
Validity  21/05/2002 - 21/05/2022
MD5 Hash  F775AB29FB514EB7775EFF053C998EF5
SHA1 Hash  DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
 
Issuer Properties:
Common Name  GeoTrust Global CA
Organization  GeoTrust Inc.
Country  United States
 
Subject Properties:
Common Name  GeoTrust Global CA
Organization  GeoTrust Inc.
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / GeoTrust Primary Certification Authority - G3 ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  1F 0F 18 C3 A9 27 F6 41 4B 79 B2 19 94 6E AC 15
Validity  02/04/2008 - 02/12/2037
MD5 Hash  B5E83436C910445848706D2E83D4B805
SHA1 Hash  039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
 
Issuer Properties:
Common Name  GeoTrust Primary Certification Authority - G3
Organization  GeoTrust Inc.
Organizational Unit  (c) 2008 GeoTrust Inc. - For authorized use only
Country  United States
 
Subject Properties:
Common Name  GeoTrust Primary Certification Authority - G3
Organization  GeoTrust Inc.
Organizational Unit  (c) 2008 GeoTrust Inc. - For authorized use only
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / GeoTrust ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  CF F4 DE 35
Validity  22/08/1998 - 22/08/2018
MD5 Hash  67CB9DC013248A829BB2171ED11BECD4
SHA1 Hash  D23209AD23D314232174E40D7F9D62139786633A
 
Issuer Properties:
Organization  Equifax
Organizational Unit  Equifax Secure Certificate Authority
Country  United States
 
Subject Properties:
Organization  Equifax
Organizational Unit  Equifax Secure Certificate Authority
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / GlobalSign ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  94 C3 5A 4B 15 01 00 00 00 00 04
Validity  01/09/1998 - 28/01/2028
MD5 Hash  3E455215095192E1B75D379FB187298A
SHA1 Hash  B1BC968BD4F49D622AA89A81F2150152A41D829C
 
Issuer Properties:
Common Name  GlobalSign Root CA
Organization  GlobalSign nv-sa
Organizational Unit  Root CA
Country  Belgium
 
Subject Properties:
Common Name  GlobalSign Root CA
Organization  GlobalSign nv-sa
Organizational Unit  Root CA
Country  Belgium
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Go Daddy Class 2 Certification Authority ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  00
Validity  29/06/2004 - 29/06/2034
MD5 Hash  91DE0625ABDAFD32170CBB25172A8467
SHA1 Hash  2796BAE63F1801E277261BA0D77770028F20EEE4
 
Issuer Properties:
Organization  The Go Daddy Group, Inc.
Organizational Unit  Go Daddy Class 2 Certification Authority
Country  United States
 
Subject Properties:
Organization  The Go Daddy Group, Inc.
Organizational Unit  Go Daddy Class 2 Certification Authority
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / GTE CyberTrust Global Root ]
 
Certificate Properties:
Version  V1
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  A5 01
Validity  13/08/1998 - 14/08/2018
MD5 Hash  CA3DD368F1035CD032FAB82B59E85ADB
SHA1 Hash  97817950D81C9670CC34D809CF794431367EF474
 
Issuer Properties:
Common Name  GTE CyberTrust Global Root
Organization  GTE Corporation
Organizational Unit  GTE CyberTrust Solutions, Inc.
Country  United States
 
Subject Properties:
Common Name  GTE CyberTrust Global Root
Organization  GTE Corporation
Organizational Unit  GTE CyberTrust Solutions, Inc.
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Authenticode(tm) Root ]
 
Certificate Properties:
Version  V3
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  01
Validity  01/01/1995 - 01/01/2000
MD5 Hash  DC6D6FAF897CDD17332FB5BA9035E9CE
SHA1 Hash  7F88CD7223F3C813818C994614A89C99FA3B5247
 
Issuer Properties:
Common Name  Microsoft Authenticode(tm) Root Authority
Organization  MSFT
Country  United States
 
Subject Properties:
Common Name  Microsoft Authenticode(tm) Root Authority
Organization  MSFT
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Root Authority ]
 
Certificate Properties:
Version  V3
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
Validity  10/01/1997 - 31/12/2020
MD5 Hash  2A954ECA79B2874573D92D90BAF99FB6
SHA1 Hash  A43489159A520F0D93D032CCAF37E7FE20A8B419
 
Issuer Properties:
Common Name  Microsoft Root Authority
Organizational Unit  Copyright (c) 1997 Microsoft Corp.
Organizational Unit  Microsoft Corporation
 
Subject Properties:
Common Name  Microsoft Root Authority
Organizational Unit  Copyright (c) 1997 Microsoft Corp.
Organizational Unit  Microsoft Corporation
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Root Certificate Authority 2010 ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
Validity  24/06/2010 - 24/06/2035
MD5 Hash  A266BB7DCC38A562631361BBF61DD11B
SHA1 Hash  3B1EFD3A66EA28B16697394703A72CA340A05BD5
 
Issuer Properties:
Common Name  Microsoft Root Certificate Authority 2010
Organization  Microsoft Corporation
Country  United States
Locality Name  Redmond
State/Province  Washington
 
Subject Properties:
Common Name  Microsoft Root Certificate Authority 2010
Organization  Microsoft Corporation
Country  United States
Locality Name  Redmond
State/Province  Washington
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Root Certificate Authority 2011 ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
Validity  23/03/2011 - 23/03/2036
MD5 Hash  CE0490D5E56C34A5AE0BE98BE581185D
SHA1 Hash  8F43288AD272F3103B6FB1428485EA3014C0BCFE
 
Issuer Properties:
Common Name  Microsoft Root Certificate Authority 2011
Organization  Microsoft Corporation
Country  United States
Locality Name  Redmond
State/Province  Washington
 
Subject Properties:
Common Name  Microsoft Root Certificate Authority 2011
Organization  Microsoft Corporation
Country  United States
Locality Name  Redmond
State/Province  Washington
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Root Certificate Authority ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
Validity  10/05/2001 - 10/05/2021
MD5 Hash  E1C07EA0AABBD4B77B84C228117808A7
SHA1 Hash  CDD4EEAE6000AC7F40C3802C171E30148030C072
 
Issuer Properties:
Common Name  Microsoft Root Certificate Authority
 
Subject Properties:
Common Name  Microsoft Root Certificate Authority
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Microsoft Timestamp Root ]
 
Certificate Properties:
Version  V1
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  01
Validity  13/05/1997 - 31/12/1999
MD5 Hash  556EBEF54C1D7C0360C43418BC9649C1
SHA1 Hash  245C97DF7514E7CF2DF8BE72AE957B9E04741E85
 
Issuer Properties:
Organization  Microsoft Trust Network
Organizational Unit  Microsoft Corporation
Organizational Unit  Microsoft Time Stamping Service Root
 
Subject Properties:
Organization  Microsoft Trust Network
Organizational Unit  Microsoft Corporation
Organizational Unit  Microsoft Time Stamping Service Root
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / QuoVadis Root Certification Authority ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  8B 50 B6 3A
Validity  19/03/2001 - 17/03/2021
MD5 Hash  27DE36FE72B70003009DF4F01E6C0424
SHA1 Hash  DE3F40BD5093D39B6C60F6DABC076201008976C9
 
Issuer Properties:
Common Name  QuoVadis Root Certification Authority
Organization  QuoVadis Limited
Organizational Unit  Root Certification Authority
Country  Bermuda
 
Subject Properties:
Common Name  QuoVadis Root Certification Authority
Organization  QuoVadis Limited
Organizational Unit  Root Certification Authority
Country  Bermuda
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / StartCom Certification Authority G2 ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  3B
Validity  01/01/2010 - 01/01/2040
MD5 Hash  784BFB9E64820AD3B84C62F364F29064
SHA1 Hash  31F1FD68226320EEC63B3F9DEA4A3E537C7C3917
 
Issuer Properties:
Common Name  StartCom Certification Authority G2
Organization  StartCom Ltd.
Country  Israel
 
Subject Properties:
Common Name  StartCom Certification Authority G2
Organization  StartCom Ltd.
Country  Israel
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Symantec Enterprise Mobile Root for Microsoft ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA256 RSA (1.2.840.113549.1.1.11)
Serial Number  CE D8 F4 BD A9 29 66 0F 7B 90 BF 9E 2F 55 6B 0F
Validity  15/03/2012 - 15/03/2032
MD5 Hash  71D0A5FF2D59741694BEE37D1E5C860B
SHA1 Hash  92B46C76E13054E104F230517E6E504D43AB10B5
 
Issuer Properties:
Common Name  Symantec Enterprise Mobile Root for Microsoft
Organization  Symantec Corporation
Country  United States
 
Subject Properties:
Common Name  Symantec Enterprise Mobile Root for Microsoft
Organization  Symantec Corporation
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / Thawte Timestamping CA ]
 
Certificate Properties:
Version  V3
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  00
Validity  01/01/1997 - 01/01/2021
MD5 Hash  7F667A71D3EB6978209A51149D83DA20
SHA1 Hash  BE36A4562FB2EE05DBB3D32323ADF445084ED656
 
Issuer Properties:
Common Name  Thawte Timestamping CA
Organization  Thawte
Organizational Unit  Thawte Certification
Country  South Africa
Locality Name  Durbanville
State/Province  Western Cape
 
Subject Properties:
Common Name  Thawte Timestamping CA
Organization  Thawte
Organizational Unit  Thawte Certification
Country  South Africa
Locality Name  Durbanville
State/Province  Western Cape
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / thawte ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34
Validity  17/11/2006 - 17/07/2036
MD5 Hash  8CCADC0B22CEF5BE72AC411A11A8D812
SHA1 Hash  91C6D6EE3E8AC86384E548C299295C756C817B81
 
Issuer Properties:
Common Name  thawte Primary Root CA
Organization  thawte, Inc.
Organizational Unit  Certification Services Division
Organizational Unit  (c) 2006 thawte, Inc. - For authorized use only
Country  United States
 
Subject Properties:
Common Name  thawte Primary Root CA
Organization  thawte, Inc.
Organizational Unit  Certification Services Division
Organizational Unit  (c) 2006 thawte, Inc. - For authorized use only
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / USERTrust ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  69 AD A9 06 68 2A D3 11 B4 21 00 50 8B 0C BE 44
Validity  24/06/1999 - 24/06/2019
MD5 Hash  B3A53E77216DAC4AC0C9FBD5413DCA06
SHA1 Hash  58119F0E128287EA50FDD987456F4F78DCFAD6D4
 
Issuer Properties:
Common Name  UTN - DATACorp SGC
Organization  The USERTRUST Network
Organizational Unit  http://www.usertrust.com
Country  United States
Locality Name  Salt Lake City
State/Province  UT
 
Subject Properties:
Common Name  UTN - DATACorp SGC
Organization  The USERTRUST Network
Organizational Unit  http://www.usertrust.com
Country  United States
Locality Name  Salt Lake City
State/Province  UT
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / USERTrust ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  01
Validity  30/05/2000 - 30/05/2020
MD5 Hash  1D3554048578B03F42424DBF20730A3F
SHA1 Hash  02FAF3E291435468607857694DF5E45B68851868
 
Issuer Properties:
Common Name  AddTrust External CA Root
Organization  AddTrust AB
Organizational Unit  AddTrust External TTP Network
Country  Sweden
 
Subject Properties:
Common Name  AddTrust External CA Root
Organization  AddTrust AB
Organizational Unit  AddTrust External TTP Network
Country  Sweden
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / VeriSign Class 3 Public Primary CA ]
 
Certificate Properties:
Version  V1
Signature Algorithm  MD2 RSA (1.2.840.113549.1.1.2)
Serial Number  BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
Validity  29/01/1996 - 02/08/2028
MD5 Hash  10FC635DF6263E0DF325BE5F79CD6767
SHA1 Hash  742C3192E607E424EB4549542BE1BBC53E6174E2
 
Issuer Properties:
Organization  VeriSign, Inc.
Organizational Unit  Class 3 Public Primary Certification Authority
Country  United States
 
Subject Properties:
Organization  VeriSign, Inc.
Organizational Unit  Class 3 Public Primary Certification Authority
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / VeriSign Time Stamping CA ]
 
Certificate Properties:
Version  V1
Signature Algorithm  MD5 RSA (1.2.840.113549.1.1.4)
Serial Number  A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
Validity  12/05/1997 - 08/01/2004
MD5 Hash  EBB04F1D3A2E372F1DDA6E27D6B680FA
SHA1 Hash  18F7C1FCC3090203FD5BAA2F861A754976C8DD25
 
Issuer Properties:
Organization  VeriSign Trust Network
Organizational Unit  VeriSign, Inc.
Organizational Unit  VeriSign Time Stamping Service Root
Organizational Unit  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
 
Subject Properties:
Organization  VeriSign Trust Network
Organizational Unit  VeriSign, Inc.
Organizational Unit  VeriSign Time Stamping Service Root
Organizational Unit  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)
 
[ Root Certificates / VeriSign ]
 
Certificate Properties:
Version  V3
Signature Algorithm  SHA1 RSA (1.2.840.113549.1.1.5)
Serial Number  4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
Validity  08/11/2006 - 17/07/2036
MD5 Hash  CB17E431673EE209FE455793F30AFA1C
SHA1 Hash  4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
 
Issuer Properties:
Common Name  VeriSign Class 3 Public Primary Certification Authority - G5
Organization  VeriSign, Inc.
Organizational Unit  VeriSign Trust Network
Organizational Unit  (c) 2006 VeriSign, Inc. - For authorized use only
Country  United States
 
Subject Properties:
Common Name  VeriSign Class 3 Public Primary Certification Authority - G5
Organization  VeriSign, Inc.
Organizational Unit  VeriSign Trust Network
Organizational Unit  (c) 2006 VeriSign, Inc. - For authorized use only
Country  United States
 
Public Key Properties:
Public Key Algorithm  RSA (1.2.840.113549.1.1.1)


UpTime

 
Current Session:
Last Shutdown Time  26/08/2015 12:03:20
Last Boot Time  27/08/2015 16:42:34
Current Time  27/08/2015 17:52:30
UpTime  4234 sec (0 days, 1 hours, 10 min, 34 sec)
 
UpTime Statistics:
First Boot Time  20/08/2015 15:27:20
First Shutdown Time  20/08/2015 15:26:34
Total UpTime  478088 sec (5 days, 12 hours, 48 min, 8 sec)
Total DownTime  135498 sec (1 days, 13 hours, 38 min, 18 sec)
Longest UpTime  470068 sec (5 days, 10 hours, 34 min, 28 sec)
Longest DownTime  103154 sec (1 days, 4 hours, 39 min, 14 sec)
Total Reboots  5
System Availability  77.92%
 
Bluescreen Statistics:
First Bluescreen Time  20/08/2015 15:40:48
Last Bluescreen Time  27/08/2015 16:42:39
Total Bluescreens  3
 
Information:
Information  The above statistics are based on System Event Log entries


Share

 
Share Name  Type  Remark  Local Path
ADMIN$  Folder  Remote Admin  C:\Windows
C$  Folder  Default share  C:\
IPC$  IPC  Remote IPC  


Account Security

 
Account Security Properties:
Computer Role  Primary
Domain Name  LAPTOP-5DNN8R19
Primary Domain Controller  Not Specified
Forced Logoff Time  Disabled
Min / Max Password Age  0 / 42 days
Minimum Password Length  0 chars
Password History Length  Disabled
Lockout Threshold  Disabled
Lockout Duration  30 min
Lockout Observation Window  30 min


Logon

 
User  Full Name  Logon Server  Logon Domain
galffycsaba@gmail.com      MicrosoftAccount
galffycsaba@gmail.com      MicrosoftAccount


Users

 
[ Administrator ]
 
User Properties:
User Name  Administrator
Full Name  Administrator
Comment  Built-in account for administering the computer/domain
Member Of Groups  Administrators
Logon Count  0
Disk Quota  -
 
User Features:
Logon Script Executed  Yes
Account Disabled  Yes
Locked Out User  No
Home Folder Required  No
Password Required  Yes
Read-Only Password  No
Password Never Expires  Yes
 
[ DefaultAccount ]
 
User Properties:
User Name  DefaultAccount
Full Name  DefaultAccount
Comment  A user account managed by the system.
Member Of Groups  System Managed Accounts Group
Logon Count  0
Disk Quota  -
 
User Features:
Logon Script Executed  Yes
Account Disabled  Yes
Locked Out User  No
Home Folder Required  No
Password Required  No
Read-Only Password  No
Password Never Expires  Yes
 
[ galff ]
 
User Properties:
User Name  galff
Full Name  Gálffy Csaba
Member Of Groups  Administrators; Users
Logon Count  0
Disk Quota  -
 
User Features:
Logon Script Executed  Yes
Account Disabled  No
Locked Out User  No
Home Folder Required  No
Password Required  Yes
Read-Only Password  No
Password Never Expires  Yes
 
[ Guest ]
 
User Properties:
User Name  Guest
Full Name  Guest
Comment  Built-in account for guest access to the computer/domain
Member Of Groups  Guests
Logon Count  0
Disk Quota  -
 
User Features:
Logon Script Executed  Yes
Account Disabled  Yes
Locked Out User  No
Home Folder Required  No
Password Required  No
Read-Only Password  Yes
Password Never Expires  Yes


Local Groups

 
[ Administrators ]
 
Local Group Properties:
Comment  Administrators have complete and unrestricted access to the computer/domain
 
Group Members:
Administrator  
galff  Gálffy Csaba
 
[ Distributed COM Users ]
 
Local Group Properties:
Comment  Members are allowed to launch, activate and use Distributed COM objects on this machine.
 
[ Event Log Readers ]
 
Local Group Properties:
Comment  Members of this group can read event logs from local machine
 
[ Guests ]
 
Local Group Properties:
Comment  Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
 
Group Members:
Guest  
 
[ IIS_IUSRS ]
 
Local Group Properties:
Comment  Built-in group used by Internet Information Services.
 
Group Members:
IUSR  
 
[ Performance Log Users ]
 
Local Group Properties:
Comment  Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
 
[ Performance Monitor Users ]
 
Local Group Properties:
Comment  Members of this group can access performance counter data locally and remotely
 
[ Remote Management Users ]
 
Local Group Properties:
Comment  Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
 
[ System Managed Accounts Group ]
 
Local Group Properties:
Comment  Members of this group are managed by the system.
 
Group Members:
DefaultAccount  
 
[ Users ]
 
Local Group Properties:
Comment  Users are prevented from making accidental or intentional system-wide changes and can run most applications
 
Group Members:
Authenticated Users  
galff  Gálffy Csaba
INTERACTIVE  


Global Groups

 
[ None ]
 
Global Group Properties:
Comment  Ordinary users
 
Group Members:
Administrator  
DefaultAccount  
galff  Gálffy Csaba
Guest  


Windows Video

 
[ Intel(R) HD Graphics ]
 
Video Adapter Properties:
Device Description  Intel(R) HD Graphics
Adapter String  Intel(R) HD Graphics
BIOS String  Intel Video BIOS
Chip Type  Intel(R) HD Graphics
DAC Type  Internal
Driver Date  17/07/2015
Driver Version  10.18.15.4256
Driver Provider  Intel Corporation
Memory Size  1 GB
 
Installed Drivers:
igdumdim64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd12umd64  10.18.15.4256
igdumdim32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd12umd32  10.18.15.4256
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ Intel(R) HD Graphics ]
 
Video Adapter Properties:
Device Description  Intel(R) HD Graphics
Adapter String  Intel(R) HD Graphics
BIOS String  Intel Video BIOS
Chip Type  Intel(R) HD Graphics
DAC Type  Internal
Driver Date  17/07/2015
Driver Version  10.18.15.4256
Driver Provider  Intel Corporation
Memory Size  1 GB
 
Installed Drivers:
igdumdim64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd12umd64  10.18.15.4256
igdumdim32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd12umd32  10.18.15.4256
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ Intel(R) HD Graphics ]
 
Video Adapter Properties:
Device Description  Intel(R) HD Graphics
Adapter String  Intel(R) HD Graphics
BIOS String  Intel Video BIOS
Chip Type  Intel(R) HD Graphics
DAC Type  Internal
Driver Date  17/07/2015
Driver Version  10.18.15.4256
Driver Provider  Intel Corporation
Memory Size  1 GB
 
Installed Drivers:
igdumdim64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd10iumd64  10.18.15.4256
igd12umd64  10.18.15.4256
igdumdim32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd10iumd32  10.18.15.4256
igd12umd32  10.18.15.4256
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates


GPU

 
[ Integrated: Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU) ]
 
Graphics Processor Properties:
Video Adapter  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
GPU Code Name  Cherry Trail
PCI Device  8086-22B0 / 1043-1BDD (Rev 20)
Process Technology  14 nm
Bus Type  Integrated
GPU Clock  600 MHz
RAMDAC Clock  350 MHz
Pixel Pipelines  4
TMU Per Pipeline  1
Unified Shaders  64 (v5.0)
DirectX Hardware Support  DirectX v11.1
WDDM Version  WDDM 2.0
 
Architecture:
Architecture  Intel Gen8LP
Execution Units (EU)  16
Local Data Share  64 KB
 
Theoretical Peak Performance:
Pixel Fillrate  2400 MPixel/s @ 600 MHz
Texel Fillrate  2400 MTexel/s @ 600 MHz
Single-Precision FLOPS  153.6 GFLOPS @ 600 MHz
 
Utilization:
Dedicated Memory  0 MB
Dynamic Memory  54 MB
 
Graphics Processor Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates


Monitor

 
[ Generic PnP Monitor [NoDB] ]
 
Monitor Properties:
Monitor Name  Generic PnP Monitor [NoDB]
Monitor ID  AUO20D4
Manufacture Date  2002
Serial Number  12003
Max. Visible Display Size  14 cm x 22 cm (10.3")
Picture Aspect Ratio  5:4
Horizontal Frequency  45 kHz
Vertical Frequency  60 Hz
Maximum Pixel Clock  80 MHz
Gamma  2.20
DPMS Mode Support  Active-Off
 
Supported Video Modes:
800 x 1280  Pixel Clock: 75.00 MHz
 
[ Intel AVStream Camera ]
 
Monitor Properties:
Monitor Name  Intel AVStream Camera
Monitor ID  INT22B8
Serial Number  None
Max. Visible Display Size  4095 mm x 4095 mm (228.0")
Picture Aspect Ratio  5:4
Gamma  3.55
DPMS Mode Support  Standby, Suspend, Active-Off
 
Supported Video Modes:
640 x 480  60 Hz
640 x 480  67 Hz
640 x 480  72 Hz
640 x 480  75 Hz
720 x 400  70 Hz
720 x 400  88 Hz
800 x 600  56 Hz
800 x 600  60 Hz
800 x 600  72 Hz
800 x 600  75 Hz
832 x 624  75 Hz
1024 x 768  60 Hz
1024 x 768  72 Hz
1024 x 768  75 Hz
1024 x 768  87 Hz
1152 x 870  75 Hz
1280 x 1024  75 Hz
2288 x 1287  123 Hz
4095 x 4095  Pixel Clock: 655.35 MHz


Desktop

 
Desktop Properties:
Device Technology  Raster Display
Resolution  1280 x 800
Color Depth  32-bit
Color Planes  1
Font Resolution  96 dpi
Pixel Width / Height  36 / 36
Pixel Diagonal  51
Vertical Refresh Rate  60 Hz
Desktop Wallpaper  C:\Users\galff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\photo-1428591501234-1ffcb0d6871f.jpg
 
Desktop Effects:
Combo-Box Animation  Enabled
Drop Shadow Effect  Enabled
Flat Menu Effect  Enabled
Font Smoothing  Enabled
ClearType  Enabled
Full Window Dragging  Enabled
Gradient Window Title Bars  Enabled
Hide Menu Access Keys  Enabled
Hot Tracking Effect  Enabled
Icon Title Wrapping  Enabled
List-Box Smooth Scrolling  Enabled
Menu Animation  Enabled
Menu Fade Effect  Enabled
Minimize/Restore Animation  Enabled
Mouse Cursor Shadow  Disabled
Selection Fade Effect  Enabled
ShowSounds Accessibility Feature  Disabled
ToolTip Animation  Enabled
ToolTip Fade Effect  Enabled
Windows Aero  Enabled
Windows Plus! Extension  Disabled


Multi-Monitor

 
Device ID  Primary  Upper Left Corner  Bottom Right Corner
\\.\DISPLAY1  Yes  (0,0)  (1280,800)


Video Modes

 
Resolution  Color Depth  Refresh Rate
320 x 200  8-bit  60 Hz
320 x 200  16-bit  60 Hz
320 x 200  32-bit  60 Hz
320 x 240  8-bit  60 Hz
320 x 240  8-bit  60 Hz
320 x 240  16-bit  60 Hz
320 x 240  16-bit  60 Hz
320 x 240  32-bit  60 Hz
320 x 240  32-bit  60 Hz
400 x 300  8-bit  60 Hz
400 x 300  8-bit  60 Hz
400 x 300  16-bit  60 Hz
400 x 300  16-bit  60 Hz
400 x 300  32-bit  60 Hz
400 x 300  32-bit  60 Hz
512 x 384  8-bit  60 Hz
512 x 384  8-bit  60 Hz
512 x 384  16-bit  60 Hz
512 x 384  16-bit  60 Hz
512 x 384  32-bit  60 Hz
512 x 384  32-bit  60 Hz
640 x 400  8-bit  60 Hz
640 x 400  16-bit  60 Hz
640 x 400  32-bit  60 Hz
640 x 480  8-bit  60 Hz
640 x 480  8-bit  60 Hz
640 x 480  16-bit  60 Hz
640 x 480  16-bit  60 Hz
640 x 480  32-bit  60 Hz
640 x 480  32-bit  60 Hz
800 x 600  8-bit  60 Hz
800 x 600  8-bit  60 Hz
800 x 600  16-bit  60 Hz
800 x 600  16-bit  60 Hz
800 x 600  32-bit  60 Hz
800 x 600  32-bit  60 Hz
1024 x 768  8-bit  60 Hz
1024 x 768  8-bit  60 Hz
1024 x 768  16-bit  60 Hz
1024 x 768  16-bit  60 Hz
1024 x 768  32-bit  60 Hz
1024 x 768  32-bit  60 Hz
1280 x 600  8-bit  60 Hz
1280 x 600  8-bit  60 Hz
1280 x 600  16-bit  60 Hz
1280 x 600  16-bit  60 Hz
1280 x 600  32-bit  60 Hz
1280 x 600  32-bit  60 Hz
1280 x 720  8-bit  60 Hz
1280 x 720  8-bit  60 Hz
1280 x 720  16-bit  60 Hz
1280 x 720  16-bit  60 Hz
1280 x 720  32-bit  60 Hz
1280 x 720  32-bit  60 Hz
1280 x 768  8-bit  60 Hz
1280 x 768  8-bit  60 Hz
1280 x 768  16-bit  60 Hz
1280 x 768  16-bit  60 Hz
1280 x 768  32-bit  60 Hz
1280 x 768  32-bit  60 Hz
1280 x 800  8-bit  60 Hz
1280 x 800  16-bit  60 Hz
1280 x 800  32-bit  60 Hz


OpenGL

 
OpenGL Properties:
Vendor  Intel
Renderer  Intel(R) HD Graphics
Version  4.3.0 - Build 10.18.15.4256
Shading Language Version  4.30 - Build 10.18.15.4256
OpenGL DLL  10.0.10240.16384(th1.150709-1700)
Multitexture Texture Units  8
Occlusion Query Counter Bits  64
Sub-Pixel Precision  8-bit
Max Viewport Size  16384 x 16384
Max Cube Map Texture Size  16384 x 16384
Max Rectangle Texture Size  16384 x 16384
Max 3D Texture Size  2048 x 2048 x 2048
Max Anisotropy  16
Max Clipping Planes  8
Max Display-List Nesting Level  64
Max Draw Buffers  8
Max Evaluator Order  32
Max Light Sources  8
Max Pixel Map Table Size  65536
Min / Max Program Texel Offset  -8 / 7
Max Texture Array Layers  2048
Max Texture LOD Bias  15
 
OpenGL Compliancy:
OpenGL 1.1  Yes (100%)
OpenGL 1.2  Yes (100%)
OpenGL 1.3  Yes (100%)
OpenGL 1.4  Yes (100%)
OpenGL 1.5  Yes (100%)
OpenGL 2.0  Yes (100%)
OpenGL 2.1  Yes (100%)
OpenGL 3.0  Yes (100%)
OpenGL 3.1  Yes (100%)
OpenGL 3.2  Yes (100%)
OpenGL 3.3  Yes (100%)
OpenGL 4.0  Yes (100%)
OpenGL 4.1  Yes (100%)
OpenGL 4.2  Yes (100%)
OpenGL 4.3  Yes (100%)
OpenGL 4.4  No (88%)
OpenGL 4.5  No (0%)
 
Max Stack Depth:
Attribute Stack  16
Client Attribute Stack  16
Modelview Matrix Stack  32
Name Stack  128
Projection Matrix Stack  4
Texture Matrix Stack  10
 
Draw Range Elements:
Max Index Count  1048576
Max Vertex Count  1048576
 
Transform Feedback:
Max Interleaved Components  128
Max Separate Attributes  4
Max Separate Components  4
 
Framebuffer Object:
Max Color Attachments  8
Max Render Buffer Size  16384 x 16384
 
Vertex Shader:
Max Uniform Vertex Components  4096
Max Varying Floats  64
Max Vertex Texture Image Units  32
Max Combined Texture Image Units  192
 
Geometry Shader:
Max Geometry Texture Units  32
Max Varying Components  64
Max Geometry Varying Components  64
Max Vertex Varying Components  32
Max Geometry Uniform Components  4096
Max Geometry Output Vertices  256
Max Geometry Total Output Components  1024
 
Fragment Shader:
Max Uniform Fragment Components  4096
 
Vertex Program:
Max Local Parameters  256
Max Environment Parameters  300
Max Program Matrices  8
Max Program Matrix Stack Depth  2
Max Vertex Attributes  16
Max Instructions  1024
Max Native Instructions  1024
Max Temporaries  31
Max Native Temporaries  31
Max Parameters  512
Max Native Parameters  400
Max Attributes  16
Max Native Attributes  16
Max Address Registers  1
Max Native Address Registers  1
 
Fragment Program:
Max Local Parameters  256
Max Environment Parameters  256
Max Texture Coordinates  8
Max Texture Image Units  32
Max Instructions  1447
Max Native Instructions  1447
Max Temporaries  256
Max Native Temporaries  256
Max Parameters  512
Max Native Parameters  32
Max Attributes  13
Max Native Attributes  13
Max Address Registers  0
Max Native Address Registers  0
Max ALU Instructions  1447
Max Native ALU Instructions  1447
Max Texture Instructions  1447
Max Native Texture Instructions  1447
Max Texture Indirections  128
Max Native Texture Indirections  128
 
OpenGL Extensions:
Total / Supported Extensions  1007 / 216
GL_3DFX_multisample  Not Supported
GL_3DFX_tbuffer  Not Supported
GL_3DFX_texture_compression_FXT1  Supported
GL_3DL_direct_texture_access2  Not Supported
GL_3Dlabs_multisample_transparency_id  Not Supported
GL_3Dlabs_multisample_transparency_range  Not Supported
GL_AMD_blend_minmax_factor  Not Supported
GL_AMD_compressed_3DC_texture  Not Supported
GL_AMD_compressed_ATC_texture  Not Supported
GL_AMD_conservative_depth  Not Supported
GL_AMD_debug_output  Not Supported
GL_AMD_depth_clamp_separate  Not Supported
GL_AMD_draw_buffers_blend  Not Supported
GL_AMD_framebuffer_sample_positions  Not Supported
GL_AMD_gcn_shader  Not Supported
GL_AMD_gpu_shader_half_float  Not Supported
GL_AMD_gpu_shader_half_float2  Not Supported
GL_AMD_gpu_shader_int64  Not Supported
GL_AMD_interleaved_elements  Not Supported
GL_AMD_multi_draw_indirect  Not Supported
GL_AMD_name_gen_delete  Not Supported
GL_AMD_occlusion_query_event  Not Supported
GL_AMD_performance_monitor  Not Supported
GL_AMD_pinned_memory  Not Supported
GL_AMD_program_binary_Z400  Not Supported
GL_AMD_query_buffer_object  Not Supported
GL_AMD_sample_positions  Not Supported
GL_AMD_seamless_cubemap_per_texture  Not Supported
GL_AMD_shader_atomic_counter_ops  Not Supported
GL_AMD_shader_stencil_export  Not Supported
GL_AMD_shader_stencil_value_export  Not Supported
GL_AMD_shader_trace  Not Supported
GL_AMD_shader_trinary_minmax  Not Supported
GL_AMD_sparse_texture  Not Supported
GL_AMD_sparse_texture_pool  Not Supported
GL_AMD_stencil_operation_extended  Not Supported
GL_AMD_texture_compression_dxt6  Not Supported
GL_AMD_texture_compression_dxt7  Not Supported
GL_AMD_texture_cube_map_array  Not Supported
GL_AMD_texture_texture4  Not Supported
GL_AMD_texture_tile_pool  Not Supported
GL_AMD_transform_feedback3_lines_triangles  Not Supported
GL_AMD_transform_feedback4  Not Supported
GL_AMD_vertex_shader_layer  Supported
GL_AMD_vertex_shader_tessellator  Not Supported
GL_AMD_vertex_shader_viewport_index  Supported
GL_AMDX_debug_output  Not Supported
GL_AMDX_name_gen_delete  Not Supported
GL_AMDX_random_access_target  Not Supported
GL_AMDX_vertex_shader_tessellator  Not Supported
GL_ANDROID_extension_pack_es31a  Not Supported
GL_ANGLE_depth_texture  Not Supported
GL_ANGLE_framebuffer_blit  Not Supported
GL_ANGLE_framebuffer_multisample  Not Supported
GL_ANGLE_instanced_arrays  Not Supported
GL_ANGLE_pack_reverse_row_order  Not Supported
GL_ANGLE_program_binary  Not Supported
GL_ANGLE_texture_compression_dxt1  Not Supported
GL_ANGLE_texture_compression_dxt3  Not Supported
GL_ANGLE_texture_compression_dxt5  Not Supported
GL_ANGLE_texture_usage  Not Supported
GL_ANGLE_translated_shader_source  Not Supported
GL_APPLE_aux_depth_stencil  Not Supported
GL_APPLE_client_storage  Not Supported
GL_APPLE_copy_texture_levels  Not Supported
GL_APPLE_element_array  Not Supported
GL_APPLE_fence  Not Supported
GL_APPLE_float_pixels  Not Supported
GL_APPLE_flush_buffer_range  Not Supported
GL_APPLE_flush_render  Not Supported
GL_APPLE_framebuffer_multisample  Not Supported
GL_APPLE_object_purgeable  Not Supported
GL_APPLE_packed_pixel  Not Supported
GL_APPLE_packed_pixels  Not Supported
GL_APPLE_pixel_buffer  Not Supported
GL_APPLE_rgb_422  Not Supported
GL_APPLE_row_bytes  Not Supported
GL_APPLE_specular_vector  Not Supported
GL_APPLE_sync  Not Supported
GL_APPLE_texture_2D_limited_npot  Not Supported
GL_APPLE_texture_format_BGRA8888  Not Supported
GL_APPLE_texture_max_level  Not Supported
GL_APPLE_texture_range  Not Supported
GL_APPLE_transform_hint  Not Supported
GL_APPLE_vertex_array_object  Not Supported
GL_APPLE_vertex_array_range  Not Supported
GL_APPLE_vertex_point_size  Not Supported
GL_APPLE_vertex_program_evaluators  Not Supported
GL_APPLE_ycbcr_422  Not Supported
GL_ARB_arrays_of_arrays  Supported
GL_ARB_base_instance  Supported
GL_ARB_bindless_texture  Not Supported
GL_ARB_blend_func_extended  Supported
GL_ARB_buffer_storage  Supported
GL_ARB_cl_event  Supported
GL_ARB_clear_buffer_object  Supported
GL_ARB_clear_texture  Supported
GL_ARB_clip_control  Not Supported
GL_ARB_color_buffer_float  Supported
GL_ARB_compatibility  Supported
GL_ARB_compressed_texture_pixel_storage  Supported
GL_ARB_compute_shader  Supported
GL_ARB_compute_variable_group_size  Not Supported
GL_ARB_conditional_render_inverted  Not Supported
GL_ARB_conservative_depth  Supported
GL_ARB_context_flush_control  Not Supported
GL_ARB_copy_buffer  Supported
GL_ARB_copy_image  Supported
GL_ARB_cull_distance  Not Supported
GL_ARB_debug_group  Not Supported
GL_ARB_debug_label  Not Supported
GL_ARB_debug_output  Supported
GL_ARB_debug_output2  Not Supported
GL_ARB_depth_buffer_float  Supported
GL_ARB_depth_clamp  Supported
GL_ARB_depth_texture  Supported
GL_ARB_derivative_control  Not Supported
GL_ARB_direct_state_access  Not Supported
GL_ARB_draw_buffers  Supported
GL_ARB_draw_buffers_blend  Supported
GL_ARB_draw_elements_base_vertex  Supported
GL_ARB_draw_indirect  Supported
GL_ARB_draw_instanced  Supported
GL_ARB_enhanced_layouts  Supported
GL_ARB_ES2_compatibility  Supported
GL_ARB_ES3_1_compatibility  Not Supported
GL_ARB_ES3_compatibility  Supported
GL_ARB_explicit_attrib_location  Supported
GL_ARB_explicit_uniform_location  Supported
GL_ARB_fragment_coord_conventions  Supported
GL_ARB_fragment_layer_viewport  Supported
GL_ARB_fragment_program  Supported
GL_ARB_fragment_program_shadow  Supported
GL_ARB_fragment_shader  Supported
GL_ARB_framebuffer_no_attachments  Supported
GL_ARB_framebuffer_object  Supported
GL_ARB_framebuffer_sRGB  Supported
GL_ARB_geometry_shader4  Supported
GL_ARB_get_program_binary  Supported
GL_ARB_get_texture_sub_image  Not Supported
GL_ARB_gpu_shader_fp64  Supported
GL_ARB_gpu_shader5  Supported
GL_ARB_half_float_pixel  Supported
GL_ARB_half_float_vertex  Supported
GL_ARB_imaging  Not Supported
GL_ARB_indirect_parameters  Supported
GL_ARB_instanced_arrays  Supported
GL_ARB_internalformat_query  Supported
GL_ARB_internalformat_query2  Supported
GL_ARB_invalidate_subdata  Supported
GL_ARB_make_current_read  Not Supported
GL_ARB_map_buffer_alignment  Supported
GL_ARB_map_buffer_range  Supported
GL_ARB_matrix_palette  Not Supported
GL_ARB_multi_bind  Supported
GL_ARB_multi_draw_indirect  Supported
GL_ARB_multisample  Supported
GL_ARB_multitexture  Supported
GL_ARB_occlusion_query  Supported
GL_ARB_occlusion_query2  Supported
GL_ARB_pipeline_statistics_query  Not Supported
GL_ARB_pixel_buffer_object  Supported
GL_ARB_point_parameters  Supported
GL_ARB_point_sprite  Supported
GL_ARB_program_interface_query  Supported
GL_ARB_provoking_vertex  Supported
GL_ARB_query_buffer_object  Supported
GL_ARB_robust_buffer_access_behavior  Supported
GL_ARB_robustness  Supported
GL_ARB_robustness_isolation  Not Supported
GL_ARB_sample_shading  Supported
GL_ARB_sampler_objects  Supported
GL_ARB_seamless_cube_map  Supported
GL_ARB_seamless_cubemap_per_texture  Supported
GL_ARB_separate_shader_objects  Supported
GL_ARB_shader_atomic_counters  Supported
GL_ARB_shader_bit_encoding  Supported
GL_ARB_shader_draw_parameters  Not Supported
GL_ARB_shader_group_vote  Not Supported
GL_ARB_shader_image_load_store  Supported
GL_ARB_shader_image_size  Supported
GL_ARB_shader_objects  Supported
GL_ARB_shader_precision  Supported
GL_ARB_shader_stencil_export  Not Supported
GL_ARB_shader_storage_buffer_object  Supported
GL_ARB_shader_subroutine  Supported
GL_ARB_shader_texture_image_samples  Not Supported
GL_ARB_shader_texture_lod  Not Supported
GL_ARB_shading_language_100  Supported
GL_ARB_shading_language_120  Not Supported
GL_ARB_shading_language_420pack  Supported
GL_ARB_shading_language_include  Not Supported
GL_ARB_shading_language_packing  Supported
GL_ARB_shadow  Supported
GL_ARB_shadow_ambient  Not Supported
GL_ARB_sparse_buffer  Not Supported
GL_ARB_sparse_texture  Not Supported
GL_ARB_stencil_texturing  Supported
GL_ARB_swap_buffers  Not Supported
GL_ARB_sync  Supported
GL_ARB_tessellation_shader  Supported
GL_ARB_texture_barrier  Not Supported
GL_ARB_texture_border_clamp  Supported
GL_ARB_texture_buffer_object  Not Supported
GL_ARB_texture_buffer_object_rgb32  Supported
GL_ARB_texture_buffer_range  Supported
GL_ARB_texture_compression  Supported
GL_ARB_texture_compression_bptc  Supported
GL_ARB_texture_compression_rgtc  Supported
GL_ARB_texture_compression_rtgc  Not Supported
GL_ARB_texture_cube_map  Supported
GL_ARB_texture_cube_map_array  Supported
GL_ARB_texture_env_add  Supported
GL_ARB_texture_env_combine  Supported
GL_ARB_texture_env_crossbar  Supported
GL_ARB_texture_env_dot3  Supported
GL_ARB_texture_float  Supported
GL_ARB_texture_gather  Supported
GL_ARB_texture_mirror_clamp_to_edge  Supported
GL_ARB_texture_mirrored_repeat  Supported
GL_ARB_texture_multisample  Supported
GL_ARB_texture_non_power_of_two  Supported
GL_ARB_texture_query_levels  Supported
GL_ARB_texture_query_lod  Supported
GL_ARB_texture_rectangle  Supported
GL_ARB_texture_rg  Supported
GL_ARB_texture_rgb10_a2ui  Supported
GL_ARB_texture_snorm  Not Supported
GL_ARB_texture_stencil8  Supported
GL_ARB_texture_storage  Supported
GL_ARB_texture_storage_multisample  Supported
GL_ARB_texture_swizzle  Supported
GL_ARB_texture_view  Supported
GL_ARB_timer_query  Supported
GL_ARB_transform_feedback_instanced  Supported
GL_ARB_transform_feedback_overflow_query  Not Supported
GL_ARB_transform_feedback2  Supported
GL_ARB_transform_feedback3  Supported
GL_ARB_transpose_matrix  Supported
GL_ARB_uber_buffers  Not Supported
GL_ARB_uber_mem_image  Not Supported
GL_ARB_uber_vertex_array  Not Supported
GL_ARB_uniform_buffer_object  Supported
GL_ARB_vertex_array_bgra  Supported
GL_ARB_vertex_array_object  Supported
GL_ARB_vertex_attrib_64bit  Supported
GL_ARB_vertex_attrib_binding  Supported
GL_ARB_vertex_blend  Not Supported
GL_ARB_vertex_buffer_object  Supported
GL_ARB_vertex_program  Supported
GL_ARB_vertex_shader  Supported
GL_ARB_vertex_type_10f_11f_11f_rev  Supported
GL_ARB_vertex_type_2_10_10_10_rev  Supported
GL_ARB_viewport_array  Supported
GL_ARB_window_pos  Supported
GL_ARM_mali_program_binary  Not Supported
GL_ARM_mali_shader_binary  Not Supported
GL_ARM_rgba8  Not Supported
GL_ARM_shader_framebuffer_fetch  Not Supported
GL_ARM_shader_framebuffer_fetch_depth_stencil  Not Supported
GL_ATI_array_rev_comps_in_4_bytes  Not Supported
GL_ATI_blend_equation_separate  Not Supported
GL_ATI_blend_weighted_minmax  Not Supported
GL_ATI_draw_buffers  Not Supported
GL_ATI_element_array  Not Supported
GL_ATI_envmap_bumpmap  Not Supported
GL_ATI_fragment_shader  Not Supported
GL_ATI_lock_texture  Not Supported
GL_ATI_map_object_buffer  Not Supported
GL_ATI_meminfo  Not Supported
GL_ATI_pixel_format_float  Not Supported
GL_ATI_pn_triangles  Not Supported
GL_ATI_point_cull_mode  Not Supported
GL_ATI_separate_stencil  Supported
GL_ATI_shader_texture_lod  Not Supported
GL_ATI_text_fragment_shader  Not Supported
GL_ATI_texture_compression_3dc  Not Supported
GL_ATI_texture_env_combine3  Not Supported
GL_ATI_texture_float  Not Supported
GL_ATI_texture_mirror_once  Not Supported
GL_ATI_vertex_array_object  Not Supported
GL_ATI_vertex_attrib_array_object  Not Supported
GL_ATI_vertex_blend  Not Supported
GL_ATI_vertex_shader  Not Supported
GL_ATI_vertex_streams  Not Supported
GL_ATIX_pn_triangles  Not Supported
GL_ATIX_texture_env_combine3  Not Supported
GL_ATIX_texture_env_route  Not Supported
GL_ATIX_vertex_shader_output_point_size  Not Supported
GL_Autodesk_facet_normal  Not Supported
GL_Autodesk_valid_back_buffer_hint  Not Supported
GL_CR_bounding_box  Not Supported
GL_CR_cursor_position  Not Supported
GL_CR_head_spu_name  Not Supported
GL_CR_performance_info  Not Supported
GL_CR_print_string  Not Supported
GL_CR_readback_barrier_size  Not Supported
GL_CR_saveframe  Not Supported
GL_CR_server_id_sharing  Not Supported
GL_CR_server_matrix  Not Supported
GL_CR_state_parameter  Not Supported
GL_CR_synchronization  Not Supported
GL_CR_tile_info  Not Supported
GL_CR_tilesort_info  Not Supported
GL_CR_window_size  Not Supported
GL_DIMD_YUV  Not Supported
GL_DMP_shader_binary  Not Supported
GL_EXT_422_pixels  Not Supported
GL_EXT_abgr  Supported
GL_EXT_bgra  Supported
GL_EXT_bindable_uniform  Not Supported
GL_EXT_blend_color  Supported
GL_EXT_blend_equation_separate  Supported
GL_EXT_blend_func_separate  Supported
GL_EXT_blend_logic_op  Not Supported
GL_EXT_blend_minmax  Supported
GL_EXT_blend_subtract  Supported
GL_EXT_Cg_shader  Not Supported
GL_EXT_clip_control  Supported
GL_EXT_clip_volume_hint  Supported
GL_EXT_cmyka  Not Supported
GL_EXT_color_buffer_float  Not Supported
GL_EXT_color_buffer_half_float  Not Supported
GL_EXT_color_matrix  Not Supported
GL_EXT_color_subtable  Not Supported
GL_EXT_color_table  Not Supported
GL_EXT_compiled_vertex_array  Supported
GL_EXT_convolution  Not Supported
GL_EXT_convolution_border_modes  Not Supported
GL_EXT_coordinate_frame  Not Supported
GL_EXT_copy_buffer  Not Supported
GL_EXT_copy_image  Not Supported
GL_EXT_copy_texture  Not Supported
GL_EXT_cull_vertex  Not Supported
GL_EXT_debug_label  Not Supported
GL_EXT_debug_marker  Not Supported
GL_EXT_depth_bounds_test  Not Supported
GL_EXT_depth_buffer_float  Not Supported
GL_EXT_direct_state_access  Supported
GL_EXT_discard_framebuffer  Not Supported
GL_EXT_disjoint_timer_query  Not Supported
GL_EXT_draw_buffers  Not Supported
GL_EXT_draw_buffers_indexed  Not Supported
GL_EXT_draw_buffers2  Supported
GL_EXT_draw_indirect  Not Supported
GL_EXT_draw_instanced  Not Supported
GL_EXT_draw_range_elements  Supported
GL_EXT_fog_coord  Supported
GL_EXT_fog_function  Not Supported
GL_EXT_fog_offset  Not Supported
GL_EXT_frag_depth  Not Supported
GL_EXT_fragment_lighting  Not Supported
GL_EXT_framebuffer_blit  Supported
GL_EXT_framebuffer_multisample  Supported
GL_EXT_framebuffer_multisample_blit_scaled  Not Supported
GL_EXT_framebuffer_object  Supported
GL_EXT_framebuffer_sRGB  Not Supported
GL_EXT_generate_mipmap  Not Supported
GL_EXT_geometry_point_size  Not Supported
GL_EXT_geometry_shader  Not Supported
GL_EXT_geometry_shader4  Supported
GL_EXT_glx_stereo_tree  Not Supported
GL_EXT_gpu_program_parameters  Supported
GL_EXT_gpu_shader_fp64  Not Supported
GL_EXT_gpu_shader4  Supported
GL_EXT_gpu_shader5  Not Supported
GL_EXT_histogram  Not Supported
GL_EXT_import_sync_object  Not Supported
GL_EXT_index_array_formats  Not Supported
GL_EXT_index_func  Not Supported
GL_EXT_index_material  Not Supported
GL_EXT_index_texture  Not Supported
GL_EXT_instanced_arrays  Not Supported
GL_EXT_interlace  Not Supported
GL_EXT_light_texture  Not Supported
GL_EXT_map_buffer_range  Not Supported
GL_EXT_misc_attribute  Not Supported
GL_EXT_multi_draw_arrays  Supported
GL_EXT_multisample  Not Supported
GL_EXT_multisampled_render_to_texture  Not Supported
GL_EXT_multiview_draw_buffers  Not Supported
GL_EXT_occlusion_query_boolean  Not Supported
GL_EXT_packed_depth_stencil  Supported
GL_EXT_packed_float  Supported
GL_EXT_packed_pixels  Supported
GL_EXT_packed_pixels_12  Not Supported
GL_EXT_paletted_texture  Not Supported
GL_EXT_pixel_buffer_object  Not Supported
GL_EXT_pixel_format  Not Supported
GL_EXT_pixel_texture  Not Supported
GL_EXT_pixel_transform  Not Supported
GL_EXT_pixel_transform_color_table  Not Supported
GL_EXT_point_parameters  Not Supported
GL_EXT_polygon_offset  Not Supported
GL_EXT_polygon_offset_clamp  Supported
GL_EXT_post_depth_coverage  Not Supported
GL_EXT_primitive_bounding_box  Not Supported
GL_EXT_provoking_vertex  Not Supported
GL_EXT_pvrtc_sRGB  Not Supported
GL_EXT_raster_multisample  Not Supported
GL_EXT_read_format_bgra  Not Supported
GL_EXT_rescale_normal  Supported
GL_EXT_robustness  Not Supported
GL_EXT_scene_marker  Not Supported
GL_EXT_secondary_color  Supported
GL_EXT_separate_shader_objects  Not Supported
GL_EXT_separate_specular_color  Supported
GL_EXT_shader_atomic_counters  Not Supported
GL_EXT_shader_framebuffer_fetch  Not Supported
GL_EXT_shader_image_load_formatted  Not Supported
GL_EXT_shader_image_load_store  Not Supported
GL_EXT_shader_implicit_conversions  Not Supported
GL_EXT_shader_integer_mix  Supported
GL_EXT_shader_io_blocks  Not Supported
GL_EXT_shader_pixel_local_storage  Not Supported
GL_EXT_shader_subroutine  Not Supported
GL_EXT_shader_texture_lod  Not Supported
GL_EXT_shadow_funcs  Supported
GL_EXT_shadow_samplers  Not Supported
GL_EXT_shared_texture_palette  Not Supported
GL_EXT_sparse_texture2  Not Supported
GL_EXT_sRGB  Not Supported
GL_EXT_sRGB_write_control  Not Supported
GL_EXT_static_vertex_array  Not Supported
GL_EXT_stencil_clear_tag  Not Supported
GL_EXT_stencil_two_side  Supported
GL_EXT_stencil_wrap  Supported
GL_EXT_subtexture  Not Supported
GL_EXT_swap_control  Not Supported
GL_EXT_tessellation_point_size  Not Supported
GL_EXT_tessellation_shader  Not Supported
GL_EXT_texgen_reflection  Not Supported
GL_EXT_texture  Not Supported
GL_EXT_texture_array  Supported
GL_EXT_texture_border_clamp  Not Supported
GL_EXT_texture_buffer  Not Supported
GL_EXT_texture_buffer_object  Not Supported
GL_EXT_texture_buffer_object_rgb32  Not Supported
GL_EXT_texture_color_table  Not Supported
GL_EXT_texture_compression_bptc  Not Supported
GL_EXT_texture_compression_dxt1  Not Supported
GL_EXT_texture_compression_latc  Not Supported
GL_EXT_texture_compression_rgtc  Not Supported
GL_EXT_texture_compression_s3tc  Supported
GL_EXT_texture_cube_map  Not Supported
GL_EXT_texture_cube_map_array  Not Supported
GL_EXT_texture_edge_clamp  Supported
GL_EXT_texture_env  Not Supported
GL_EXT_texture_env_add  Supported
GL_EXT_texture_env_combine  Supported
GL_EXT_texture_env_dot3  Not Supported
GL_EXT_texture_filter_anisotropic  Supported
GL_EXT_texture_filter_minmax  Not Supported
GL_EXT_texture_format_BGRA8888  Not Supported
GL_EXT_texture_integer  Supported
GL_EXT_texture_lod  Not Supported
GL_EXT_texture_lod_bias  Supported
GL_EXT_texture_mirror_clamp  Not Supported
GL_EXT_texture_object  Not Supported
GL_EXT_texture_perturb_normal  Not Supported
GL_EXT_texture_rectangle  Supported
GL_EXT_texture_rg  Not Supported
GL_EXT_texture_shared_exponent  Supported
GL_EXT_texture_snorm  Supported
GL_EXT_texture_sRGB  Supported
GL_EXT_texture_sRGB_decode  Supported
GL_EXT_texture_storage  Supported
GL_EXT_texture_swizzle  Supported
GL_EXT_texture_type_2_10_10_10_REV  Not Supported
GL_EXT_texture_view  Not Supported
GL_EXT_texture3D  Supported
GL_EXT_texture4D  Not Supported
GL_EXT_timer_query  Not Supported
GL_EXT_transform_feedback  Supported
GL_EXT_transform_feedback2  Not Supported
GL_EXT_transform_feedback3  Not Supported
GL_EXT_unpack_subimage  Not Supported
GL_EXT_vertex_array  Not Supported
GL_EXT_vertex_array_bgra  Not Supported
GL_EXT_vertex_array_set  Not Supported
GL_EXT_vertex_array_setXXX  Not Supported
GL_EXT_vertex_attrib_64bit  Not Supported
GL_EXT_vertex_shader  Not Supported
GL_EXT_vertex_weighting  Not Supported
GL_EXT_x11_sync_object  Not Supported
GL_EXTX_framebuffer_mixed_formats  Not Supported
GL_EXTX_packed_depth_stencil  Not Supported
GL_FGL_lock_texture  Not Supported
GL_FJ_shader_binary_GCCSO  Not Supported
GL_GL2_geometry_shader  Not Supported
GL_GREMEDY_frame_terminator  Not Supported
GL_GREMEDY_string_marker  Not Supported
GL_HP_convolution_border_modes  Not Supported
GL_HP_image_transform  Not Supported
GL_HP_occlusion_test  Not Supported
GL_HP_texture_lighting  Not Supported
GL_I3D_argb  Not Supported
GL_I3D_color_clamp  Not Supported
GL_I3D_interlace_read  Not Supported
GL_IBM_clip_check  Not Supported
GL_IBM_cull_vertex  Not Supported
GL_IBM_load_named_matrix  Not Supported
GL_IBM_multi_draw_arrays  Not Supported
GL_IBM_multimode_draw_arrays  Not Supported
GL_IBM_occlusion_cull  Not Supported
GL_IBM_pixel_filter_hint  Not Supported
GL_IBM_rasterpos_clip  Not Supported
GL_IBM_rescale_normal  Not Supported
GL_IBM_static_data  Not Supported
GL_IBM_texture_clamp_nodraw  Not Supported
GL_IBM_texture_mirrored_repeat  Supported
GL_IBM_vertex_array_lists  Not Supported
GL_IBM_YCbCr  Not Supported
GL_IMG_multisampled_render_to_texture  Not Supported
GL_IMG_program_binary  Not Supported
GL_IMG_read_format  Not Supported
GL_IMG_sgx_binary  Not Supported
GL_IMG_shader_binary  Not Supported
GL_IMG_texture_compression_pvrtc  Not Supported
GL_IMG_texture_compression_pvrtc2  Not Supported
GL_IMG_texture_env_enhanced_fixed_function  Not Supported
GL_IMG_texture_format_BGRA8888  Not Supported
GL_IMG_user_clip_plane  Not Supported
GL_IMG_vertex_program  Not Supported
GL_INGR_blend_func_separate  Not Supported
GL_INGR_color_clamp  Not Supported
GL_INGR_interlace_read  Not Supported
GL_INGR_multiple_palette  Not Supported
GL_INTEL_compute_shader_lane_shift  Not Supported
GL_INTEL_conservative_rasterization  Not Supported
GL_INTEL_fragment_shader_ordering  Supported
GL_INTEL_fragment_shader_span_sharing  Not Supported
GL_INTEL_image_serialize  Not Supported
GL_INTEL_map_texture  Supported
GL_INTEL_multi_rate_fragment_shader  Not Supported
GL_INTEL_parallel_arrays  Not Supported
GL_INTEL_performance_queries  Not Supported
GL_INTEL_performance_query  Supported
GL_INTEL_texture_scissor  Not Supported
GL_KHR_blend_equation_advanced  Supported
GL_KHR_blend_equation_advanced_coherent  Not Supported
GL_KHR_context_flush_control  Not Supported
GL_KHR_debug  Supported
GL_KHR_robust_buffer_access_behavior  Not Supported
GL_KHR_robustness  Not Supported
GL_KHR_texture_compression_astc_hdr  Not Supported
GL_KHR_texture_compression_astc_ldr  Supported
GL_KTX_buffer_region  Not Supported
GL_MESA_pack_invert  Not Supported
GL_MESA_program_debug  Not Supported
GL_MESA_resize_buffers  Not Supported
GL_MESA_texture_array  Not Supported
GL_MESA_texture_signed_rgba  Not Supported
GL_MESA_window_pos  Not Supported
GL_MESA_ycbcr_texture  Not Supported
GL_MESAX_texture_float  Not Supported
GL_MESAX_texture_stack  Not Supported
GL_MTX_fragment_shader  Not Supported
GL_MTX_precision_dpi  Not Supported
GL_NV_3dvision_settings  Not Supported
GL_NV_alpha_test  Not Supported
GL_NV_bgr  Not Supported
GL_NV_bindless_multi_draw_indirect  Not Supported
GL_NV_bindless_multi_draw_indirect_count  Not Supported
GL_NV_bindless_texture  Not Supported
GL_NV_blend_equation_advanced  Not Supported
GL_NV_blend_equation_advanced_coherent  Not Supported
GL_NV_blend_minmax  Not Supported
GL_NV_blend_square  Supported
GL_NV_centroid_sample  Not Supported
GL_NV_command_list  Not Supported
GL_NV_complex_primitives  Not Supported
GL_NV_compute_program5  Not Supported
GL_NV_conditional_render  Supported
GL_NV_conservative_raster  Not Supported
GL_NV_copy_buffer  Not Supported
GL_NV_copy_depth_to_color  Not Supported
GL_NV_copy_image  Not Supported
GL_NV_coverage_sample  Not Supported
GL_NV_deep_texture3D  Not Supported
GL_NV_depth_buffer_float  Not Supported
GL_NV_depth_clamp  Not Supported
GL_NV_depth_nonlinear  Not Supported
GL_NV_depth_range_unclamped  Not Supported
GL_NV_draw_buffers  Not Supported
GL_NV_draw_instanced  Not Supported
GL_NV_draw_texture  Not Supported
GL_NV_EGL_stream_consumer_external  Not Supported
GL_NV_ES1_1_compatibility  Not Supported
GL_NV_ES3_1_compatibility  Not Supported
GL_NV_evaluators  Not Supported
GL_NV_explicit_attrib_location  Not Supported
GL_NV_explicit_multisample  Not Supported
GL_NV_fbo_color_attachments  Not Supported
GL_NV_fence  Not Supported
GL_NV_fill_rectangle  Not Supported
GL_NV_float_buffer  Not Supported
GL_NV_fog_distance  Not Supported
GL_NV_fragdepth  Not Supported
GL_NV_fragment_coverage_to_color  Not Supported
GL_NV_fragment_program  Not Supported
GL_NV_fragment_program_option  Not Supported
GL_NV_fragment_program2  Not Supported
GL_NV_fragment_program4  Not Supported
GL_NV_fragment_shader_interlock  Not Supported
GL_NV_framebuffer_blit  Not Supported
GL_NV_framebuffer_mixed_samples  Not Supported
GL_NV_framebuffer_multisample  Not Supported
GL_NV_framebuffer_multisample_coverage  Not Supported
GL_NV_framebuffer_multisample_ex  Not Supported
GL_NV_generate_mipmap_sRGB  Not Supported
GL_NV_geometry_program4  Not Supported
GL_NV_geometry_shader_passthrough  Not Supported
GL_NV_geometry_shader4  Not Supported
GL_NV_gpu_program_fp64  Not Supported
GL_NV_gpu_program4  Not Supported
GL_NV_gpu_program4_1  Not Supported
GL_NV_gpu_program5  Not Supported
GL_NV_gpu_program5_mem_extended  Not Supported
GL_NV_gpu_shader5  Not Supported
GL_NV_half_float  Not Supported
GL_NV_instanced_arrays  Not Supported
GL_NV_internalformat_sample_query  Not Supported
GL_NV_light_max_exponent  Not Supported
GL_NV_multisample_coverage  Not Supported
GL_NV_multisample_filter_hint  Not Supported
GL_NV_non_square_matrices  Not Supported
GL_NV_occlusion_query  Not Supported
GL_NV_pack_subimage  Not Supported
GL_NV_packed_depth_stencil  Not Supported
GL_NV_packed_float  Not Supported
GL_NV_packed_float_linear  Not Supported
GL_NV_parameter_buffer_object  Not Supported
GL_NV_parameter_buffer_object2  Not Supported
GL_NV_path_rendering  Not Supported
GL_NV_path_rendering_shared_edge  Not Supported
GL_NV_pixel_buffer_object  Not Supported
GL_NV_pixel_data_range  Not Supported
GL_NV_platform_binary  Not Supported
GL_NV_point_sprite  Not Supported
GL_NV_present_video  Not Supported
GL_NV_primitive_restart  Supported
GL_NV_read_buffer  Not Supported
GL_NV_read_buffer_front  Not Supported
GL_NV_read_depth  Not Supported
GL_NV_read_depth_stencil  Not Supported
GL_NV_read_stencil  Not Supported
GL_NV_register_combiners  Not Supported
GL_NV_register_combiners2  Not Supported
GL_NV_sample_locations  Not Supported
GL_NV_sample_mask_override_coverage  Not Supported
GL_NV_shader_atomic_counters  Not Supported
GL_NV_shader_atomic_float  Not Supported
GL_NV_shader_atomic_fp16_vector  Not Supported
GL_NV_shader_atomic_int64  Not Supported
GL_NV_shader_buffer_load  Not Supported
GL_NV_shader_buffer_store  Not Supported
GL_NV_shader_storage_buffer_object  Not Supported
GL_NV_shader_thread_group  Not Supported
GL_NV_shader_thread_shuffle  Not Supported
GL_NV_shadow_samplers_array  Not Supported
GL_NV_shadow_samplers_cube  Not Supported
GL_NV_sRGB_formats  Not Supported
GL_NV_tessellation_program5  Not Supported
GL_NV_texgen_emboss  Not Supported
GL_NV_texgen_reflection  Supported
GL_NV_texture_array  Not Supported
GL_NV_texture_barrier  Not Supported
GL_NV_texture_border_clamp  Not Supported
GL_NV_texture_compression_latc  Not Supported
GL_NV_texture_compression_s3tc  Not Supported
GL_NV_texture_compression_s3tc_update  Not Supported
GL_NV_texture_compression_vtc  Not Supported
GL_NV_texture_env_combine4  Not Supported
GL_NV_texture_expand_normal  Not Supported
GL_NV_texture_lod_clamp  Not Supported
GL_NV_texture_multisample  Not Supported
GL_NV_texture_npot_2D_mipmap  Not Supported
GL_NV_texture_rectangle  Not Supported
GL_NV_texture_shader  Not Supported
GL_NV_texture_shader2  Not Supported
GL_NV_texture_shader3  Not Supported
GL_NV_timer_query  Not Supported
GL_NV_transform_feedback  Not Supported
GL_NV_transform_feedback2  Not Supported
GL_NV_uniform_buffer_unified_memory  Not Supported
GL_NV_vdpau_interop  Not Supported
GL_NV_vertex_array_range  Not Supported
GL_NV_vertex_array_range2  Not Supported
GL_NV_vertex_attrib_64bit  Not Supported
GL_NV_vertex_attrib_integer_64bit  Not Supported
GL_NV_vertex_buffer_unified_memory  Not Supported
GL_NV_vertex_program  Not Supported
GL_NV_vertex_program1_1  Not Supported
GL_NV_vertex_program2  Not Supported
GL_NV_vertex_program2_option  Not Supported
GL_NV_vertex_program3  Not Supported
GL_NV_vertex_program4  Not Supported
GL_NV_video_capture  Not Supported
GL_NV_viewport_array2  Not Supported
GL_NVX_conditional_render  Not Supported
GL_NVX_flush_hold  Not Supported
GL_NVX_gpu_memory_info  Not Supported
GL_NVX_instanced_arrays  Not Supported
GL_NVX_nvenc_interop  Not Supported
GL_NVX_shader_thread_group  Not Supported
GL_NVX_shader_thread_shuffle  Not Supported
GL_NVX_shared_sync_object  Not Supported
GL_NVX_sysmem_buffer  Not Supported
GL_NVX_ycrcb  Not Supported
GL_OES_blend_equation_separate  Not Supported
GL_OES_blend_func_separate  Not Supported
GL_OES_blend_subtract  Not Supported
GL_OES_byte_coordinates  Not Supported
GL_OES_compressed_EAC_R11_signed_texture  Not Supported
GL_OES_compressed_EAC_R11_unsigned_texture  Not Supported
GL_OES_compressed_EAC_RG11_signed_texture  Not Supported
GL_OES_compressed_EAC_RG11_unsigned_texture  Not Supported
GL_OES_compressed_ETC1_RGB8_texture  Not Supported
GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture  Not Supported
GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture  Not Supported
GL_OES_compressed_ETC2_RGB8_texture  Not Supported
GL_OES_compressed_ETC2_RGBA8_texture  Not Supported
GL_OES_compressed_ETC2_sRGB8_alpha8_texture  Not Supported
GL_OES_compressed_ETC2_sRGB8_texture  Not Supported
GL_OES_compressed_paletted_texture  Not Supported
GL_OES_conditional_query  Not Supported
GL_OES_depth_texture  Not Supported
GL_OES_depth_texture_cube_map  Not Supported
GL_OES_depth24  Not Supported
GL_OES_depth32  Not Supported
GL_OES_draw_texture  Not Supported
GL_OES_EGL_image  Not Supported
GL_OES_EGL_image_external  Not Supported
GL_OES_EGL_sync  Not Supported
GL_OES_element_index_uint  Not Supported
GL_OES_extended_matrix_palette  Not Supported
GL_OES_fbo_render_mipmap  Not Supported
GL_OES_fixed_point  Not Supported
GL_OES_fragment_precision_high  Not Supported
GL_OES_framebuffer_object  Not Supported
GL_OES_get_program_binary  Not Supported
GL_OES_mapbuffer  Not Supported
GL_OES_matrix_get  Not Supported
GL_OES_matrix_palette  Not Supported
GL_OES_packed_depth_stencil  Not Supported
GL_OES_point_size_array  Not Supported
GL_OES_point_sprite  Not Supported
GL_OES_query_matrix  Not Supported
GL_OES_read_format  Not Supported
GL_OES_required_internalformat  Not Supported
GL_OES_rgb8_rgba8  Not Supported
GL_OES_sample_shading  Not Supported
GL_OES_sample_variables  Not Supported
GL_OES_shader_image_atomic  Not Supported
GL_OES_shader_multisample_interpolation  Not Supported
GL_OES_single_precision  Not Supported
GL_OES_standard_derivatives  Not Supported
GL_OES_stencil_wrap  Not Supported
GL_OES_stencil1  Not Supported
GL_OES_stencil4  Not Supported
GL_OES_stencil8  Not Supported
GL_OES_surfaceless_context  Not Supported
GL_OES_texture_3D  Not Supported
GL_OES_texture_compression_astc  Not Supported
GL_OES_texture_cube_map  Not Supported
GL_OES_texture_env_crossbar  Not Supported
GL_OES_texture_float  Not Supported
GL_OES_texture_float_linear  Not Supported
GL_OES_texture_half_float  Not Supported
GL_OES_texture_half_float_linear  Not Supported
GL_OES_texture_mirrored_repeat  Not Supported
GL_OES_texture_npot  Not Supported
GL_OES_texture_stencil8  Not Supported
GL_OES_texture_storage_multisample_2d_array  Not Supported
GL_OES_vertex_array_object  Not Supported
GL_OES_vertex_half_float  Not Supported
GL_OES_vertex_type_10_10_10_2  Not Supported
GL_OML_interlace  Not Supported
GL_OML_resample  Not Supported
GL_OML_subsample  Not Supported
GL_PGI_misc_hints  Not Supported
GL_PGI_vertex_hints  Not Supported
GL_QCOM_alpha_test  Not Supported
GL_QCOM_binning_control  Not Supported
GL_QCOM_driver_control  Not Supported
GL_QCOM_extended_get  Not Supported
GL_QCOM_extended_get2  Not Supported
GL_QCOM_perfmon_global_mode  Not Supported
GL_QCOM_tiled_rendering  Not Supported
GL_QCOM_writeonly_rendering  Not Supported
GL_REND_screen_coordinates  Not Supported
GL_S3_performance_analyzer  Not Supported
GL_S3_s3tc  Not Supported
GL_SGI_color_matrix  Not Supported
GL_SGI_color_table  Not Supported
GL_SGI_compiled_vertex_array  Not Supported
GL_SGI_cull_vertex  Not Supported
GL_SGI_index_array_formats  Not Supported
GL_SGI_index_func  Not Supported
GL_SGI_index_material  Not Supported
GL_SGI_index_texture  Not Supported
GL_SGI_make_current_read  Not Supported
GL_SGI_texture_add_env  Not Supported
GL_SGI_texture_color_table  Not Supported
GL_SGI_texture_edge_clamp  Not Supported
GL_SGI_texture_lod  Not Supported
GL_SGIS_color_range  Not Supported
GL_SGIS_detail_texture  Not Supported
GL_SGIS_fog_function  Not Supported
GL_SGIS_generate_mipmap  Supported
GL_SGIS_multisample  Not Supported
GL_SGIS_multitexture  Not Supported
GL_SGIS_pixel_texture  Not Supported
GL_SGIS_point_line_texgen  Not Supported
GL_SGIS_sharpen_texture  Not Supported
GL_SGIS_texture_border_clamp  Not Supported
GL_SGIS_texture_color_mask  Not Supported
GL_SGIS_texture_edge_clamp  Supported
GL_SGIS_texture_filter4  Not Supported
GL_SGIS_texture_lod  Supported
GL_SGIS_texture_select  Not Supported
GL_SGIS_texture4D  Not Supported
GL_SGIX_async  Not Supported
GL_SGIX_async_histogram  Not Supported
GL_SGIX_async_pixel  Not Supported
GL_SGIX_blend_alpha_minmax  Not Supported
GL_SGIX_clipmap  Not Supported
GL_SGIX_convolution_accuracy  Not Supported
GL_SGIX_depth_pass_instrument  Not Supported
GL_SGIX_depth_texture  Not Supported
GL_SGIX_flush_raster  Not Supported
GL_SGIX_fog_offset  Not Supported
GL_SGIX_fog_texture  Not Supported
GL_SGIX_fragment_specular_lighting  Not Supported
GL_SGIX_framezoom  Not Supported
GL_SGIX_instruments  Not Supported
GL_SGIX_interlace  Not Supported
GL_SGIX_ir_instrument1  Not Supported
GL_SGIX_list_priority  Not Supported
GL_SGIX_pbuffer  Not Supported
GL_SGIX_pixel_texture  Not Supported
GL_SGIX_pixel_texture_bits  Not Supported
GL_SGIX_reference_plane  Not Supported
GL_SGIX_resample  Not Supported
GL_SGIX_shadow  Not Supported
GL_SGIX_shadow_ambient  Not Supported
GL_SGIX_sprite  Not Supported
GL_SGIX_subsample  Not Supported
GL_SGIX_tag_sample_buffer  Not Supported
GL_SGIX_texture_add_env  Not Supported
GL_SGIX_texture_coordinate_clamp  Not Supported
GL_SGIX_texture_lod_bias  Not Supported
GL_SGIX_texture_multi_buffer  Not Supported
GL_SGIX_texture_range  Not Supported
GL_SGIX_texture_scale_bias  Not Supported
GL_SGIX_vertex_preclip  Not Supported
GL_SGIX_vertex_preclip_hint  Not Supported
GL_SGIX_ycrcb  Not Supported
GL_SGIX_ycrcb_subsample  Not Supported
GL_SUN_convolution_border_modes  Not Supported
GL_SUN_global_alpha  Not Supported
GL_SUN_mesh_array  Not Supported
GL_SUN_multi_draw_arrays  Supported
GL_SUN_read_video_pixels  Not Supported
GL_SUN_slice_accum  Not Supported
GL_SUN_triangle_list  Not Supported
GL_SUN_vertex  Not Supported
GL_SUNX_constant_data  Not Supported
GL_VIV_shader_binary  Not Supported
GL_WGL_ARB_extensions_string  Not Supported
GL_WGL_EXT_extensions_string  Not Supported
GL_WGL_EXT_swap_control  Not Supported
GL_WIN_phong_shading  Not Supported
GL_WIN_specular_fog  Not Supported
GL_WIN_swap_hint  Supported
GLU_EXT_nurbs_tessellator  Not Supported
GLU_EXT_object_space_tess  Not Supported
GLU_SGI_filter4_parameters  Not Supported
GLX_AMD_gpu_association  Not Supported
GLX_ARB_create_context  Not Supported
GLX_ARB_create_context_profile  Not Supported
GLX_ARB_create_context_robustness  Not Supported
GLX_ARB_fbconfig_float  Not Supported
GLX_ARB_framebuffer_sRGB  Not Supported
GLX_ARB_get_proc_address  Not Supported
GLX_ARB_multisample  Not Supported
GLX_ARB_robustness_application_isolation  Not Supported
GLX_ARB_robustness_share_group_isolation  Not Supported
GLX_ARB_vertex_buffer_object  Not Supported
GLX_EXT_buffer_age  Not Supported
GLX_EXT_create_context_es_profile  Not Supported
GLX_EXT_create_context_es2_profile  Not Supported
GLX_EXT_fbconfig_packed_float  Not Supported
GLX_EXT_framebuffer_sRGB  Not Supported
GLX_EXT_import_context  Not Supported
GLX_EXT_scene_marker  Not Supported
GLX_EXT_swap_control  Not Supported
GLX_EXT_swap_control_tear  Not Supported
GLX_EXT_texture_from_pixmap  Not Supported
GLX_EXT_visual_info  Not Supported
GLX_EXT_visual_rating  Not Supported
GLX_INTEL_swap_event  Not Supported
GLX_MESA_agp_offset  Not Supported
GLX_MESA_copy_sub_buffer  Not Supported
GLX_MESA_multithread_makecurrent  Not Supported
GLX_MESA_pixmap_colormap  Not Supported
GLX_MESA_query_renderer  Not Supported
GLX_MESA_release_buffers  Not Supported
GLX_MESA_set_3dfx_mode  Not Supported
GLX_MESA_swap_control  Not Supported
GLX_NV_copy_image  Not Supported
GLX_NV_delay_before_swap  Not Supported
GLX_NV_float_buffer  Not Supported
GLX_NV_multisample_coverage  Not Supported
GLX_NV_present_video  Not Supported
GLX_NV_swap_group  Not Supported
GLX_NV_video_capture  Not Supported
GLX_NV_video_out  Not Supported
GLX_NV_video_output  Not Supported
GLX_OML_interlace  Not Supported
GLX_OML_swap_method  Not Supported
GLX_OML_sync_control  Not Supported
GLX_SGI_cushion  Not Supported
GLX_SGI_make_current_read  Not Supported
GLX_SGI_swap_control  Not Supported
GLX_SGI_video_sync  Not Supported
GLX_SGIS_blended_overlay  Not Supported
GLX_SGIS_color_range  Not Supported
GLX_SGIS_multisample  Not Supported
GLX_SGIX_dm_buffer  Not Supported
GLX_SGIX_fbconfig  Not Supported
GLX_SGIX_hyperpipe  Not Supported
GLX_SGIX_pbuffer  Not Supported
GLX_SGIX_swap_barrier  Not Supported
GLX_SGIX_swap_group  Not Supported
GLX_SGIX_video_resize  Not Supported
GLX_SGIX_video_source  Not Supported
GLX_SGIX_visual_select_group  Not Supported
GLX_SUN_get_transparent_index  Not Supported
GLX_SUN_video_resize  Not Supported
WGL_3DFX_gamma_control  Not Supported
WGL_3DFX_multisample  Not Supported
WGL_3DL_stereo_control  Not Supported
WGL_AMD_gpu_association  Not Supported
WGL_AMDX_gpu_association  Not Supported
WGL_ARB_buffer_region  Supported
WGL_ARB_context_flush_control  Not Supported
WGL_ARB_create_context  Supported
WGL_ARB_create_context_profile  Supported
WGL_ARB_create_context_robustness  Supported
WGL_ARB_extensions_string  Supported
WGL_ARB_framebuffer_sRGB  Supported
WGL_ARB_make_current_read  Supported
WGL_ARB_multisample  Supported
WGL_ARB_pbuffer  Supported
WGL_ARB_pixel_format  Supported
WGL_ARB_pixel_format_float  Supported
WGL_ARB_render_texture  Not Supported
WGL_ARB_robustness_application_isolation  Not Supported
WGL_ARB_robustness_share_group_isolation  Not Supported
WGL_ATI_pbuffer_memory_hint  Not Supported
WGL_ATI_pixel_format_float  Not Supported
WGL_ATI_render_texture_rectangle  Not Supported
WGL_EXT_buffer_region  Not Supported
WGL_EXT_create_context_es_profile  Supported
WGL_EXT_create_context_es2_profile  Supported
WGL_EXT_depth_float  Supported
WGL_EXT_display_color_table  Not Supported
WGL_EXT_extensions_string  Supported
WGL_EXT_framebuffer_sRGB  Not Supported
WGL_EXT_framebuffer_sRGBWGL_ARB_create_context  Not Supported
WGL_EXT_gamma_control  Not Supported
WGL_EXT_make_current_read  Not Supported
WGL_EXT_multisample  Not Supported
WGL_EXT_pbuffer  Not Supported
WGL_EXT_pixel_format  Not Supported
WGL_EXT_pixel_format_packed_float  Supported
WGL_EXT_render_texture  Not Supported
WGL_EXT_swap_control  Supported
WGL_EXT_swap_control_tear  Supported
WGL_EXT_swap_interval  Not Supported
WGL_I3D_digital_video_control  Not Supported
WGL_I3D_gamma  Not Supported
WGL_I3D_genlock  Not Supported
WGL_I3D_image_buffer  Not Supported
WGL_I3D_swap_frame_lock  Not Supported
WGL_I3D_swap_frame_usage  Not Supported
WGL_MTX_video_preview  Not Supported
WGL_NV_copy_image  Not Supported
WGL_NV_delay_before_swap  Not Supported
WGL_NV_DX_interop  Supported
WGL_NV_DX_interop2  Not Supported
WGL_NV_float_buffer  Not Supported
WGL_NV_gpu_affinity  Not Supported
WGL_NV_multisample_coverage  Not Supported
WGL_NV_present_video  Not Supported
WGL_NV_render_depth_texture  Not Supported
WGL_NV_render_texture_rectangle  Not Supported
WGL_NV_swap_group  Not Supported
WGL_NV_texture_rectangle  Not Supported
WGL_NV_vertex_array_range  Not Supported
WGL_NV_video_capture  Not Supported
WGL_NV_video_output  Not Supported
WGL_NVX_DX_interop  Not Supported
WGL_OML_sync_control  Not Supported
WGL_S3_cl_sharingWGL_ARB_create_context_profile  Not Supported
 
Supported Compressed Texture Formats:
RGB DXT1  Supported
RGBA DXT1  Supported
RGBA DXT3  Supported
RGBA DXT5  Supported
RGB FXT1  Supported
RGBA FXT1  Supported
3Dc  Not Supported
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates


GPGPU

 
[ Direct3D: Intel(R) HD Graphics ]
 
Device Properties:
Device Name  Intel(R) HD Graphics
PCI Device  8086-22B0 / 1043-1BDD (Rev 20)
Dedicated Memory  130 MB
Driver Name  igdumdim32.dll
Driver Version  10.18.15.4256
Shader Model  SM 5.1
Max Threads  1024
Multiple UAV Access  64 UAVs
Thread Dispatch  3D
Thread Local Storage  32 KB
 
Device Features:
10-bit Precision Floating-Point  Not Supported
16-bit Precision Floating-Point  Supported
Append/Consume Buffers  Supported
Atomic Operations  Supported
Double-Precision Floating-Point  Supported
Gather4  Supported
Indirect Compute Dispatch  Supported
Map On Default Buffers  Supported
 
Device Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ OpenCL: Intel(R) HD Graphics ]
 
OpenCL Properties:
Platform Name  Intel(R) OpenCL
Platform Vendor  Intel(R) Corporation
Platform Version  OpenCL 1.2
Platform Profile  Full
 
Device Properties:
Device Name  Intel(R) HD Graphics
Device Type  GPU
Device Vendor  Intel(R) Corporation
Device Version  OpenCL 1.2
Device Profile  Full
Driver Version  10.18.15.4256
OpenCL C Version  OpenCL C 1.2
Supported Built-In Kernels  block_motion_estimate_intel; block_advanced_motion_estimate_check_intel
Supported SPIR Versions  1.2
Clock Rate  600 MHz
Compute Units / Cores  12 / 48
Address Space Size  32-bit
Max 2D Image Size  16384 x 16384
Max 3D Image Size  2048 x 2048 x 2048
Max Image Array Size  2048
Max Image Buffer Size  12738688
Max Samplers  16
Max Work-Item Size  256 x 256 x 256
Max Work-Group Size  256
Max Argument Size  1 KB
Max Constant Buffer Size  64 KB
Max Constant Arguments  8
Max Printf Buffer Size  4 MB
Native ISA Vector Widths  char1, short1, int1, half1, float1
Preferred Native Vector Widths  char1, short1, int1, long1, half1, float1
Profiling Timer Resolution  80 ns
OpenCL DLL  opencl.dll (2.0.2.0)
 
Memory Properties:
Global Memory  777 MB
Global Memory Cache  256 KB (Read/Write, 64-byte line)
Local Memory  64 KB
Max Memory Object Allocation Size  199042 KB
Memory Base Address Alignment  1024-bit
Min Data Type Alignment  128 bytes
Image Row Pitch Alignment  4 pixels
Image Base Address Alignment  4 pixels
 
OpenCL Compliancy:
OpenCL 1.1  Yes (100%)
OpenCL 1.2  Yes (100%)
OpenCL 2.0  Yes (100%)
 
Device Features:
Command-Queue Out Of Order Execution  Disabled
Command-Queue Profiling  Enabled
Compiler Available  Yes
Error Correction  Not Supported
Images  Supported
Kernel Execution  Supported
Linker Available  Yes
Little-Endian Device  Yes
Native Kernel Execution  Not Supported
SVM Atomics  Not Supported
SVM Coarse Grain Buffer  Not Supported
SVM Fine Grain Buffer  Not Supported
SVM Fine Grain System  Not Supported
Thread Trace  Not Supported
Unified Memory  Yes
 
Half-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Not Supported
Denorms  Not Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Supported
Rounding to Infinity  Supported
Rounding to Nearest Even  Supported
Rounding to Zero  Supported
Software Basic Floating-Point Operations  No
 
Single-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Supported
Denorms  Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Supported
Rounding to Infinity  Supported
Rounding to Nearest Even  Supported
Rounding to Zero  Supported
Software Basic Floating-Point Operations  No
 
Double-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Not Supported
Denorms  Not Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Not Supported
Rounding to Infinity  Not Supported
Rounding to Nearest Even  Not Supported
Rounding to Zero  Not Supported
Software Basic Floating-Point Operations  No
 
Device Extensions:
Total / Supported Extensions  90 / 26
cl_altera_compiler_mode  Not Supported
cl_altera_device_temperature  Not Supported
cl_altera_live_object_tracking  Not Supported
cl_amd_bus_addressable_memory  Not Supported
cl_amd_c1x_atomics  Not Supported
cl_amd_compile_options  Not Supported
cl_amd_core_id  Not Supported
cl_amd_d3d10_interop  Not Supported
cl_amd_d3d9_interop  Not Supported
cl_amd_device_attribute_query  Not Supported
cl_amd_device_board_name  Not Supported
cl_amd_device_memory_flags  Not Supported
cl_amd_device_persistent_memory  Not Supported
cl_amd_device_profiling_timer_offset  Not Supported
cl_amd_device_topology  Not Supported
cl_amd_event_callback  Not Supported
cl_amd_fp64  Not Supported
cl_amd_hsa  Not Supported
cl_amd_image2d_from_buffer_read_only  Not Supported
cl_amd_media_ops  Not Supported
cl_amd_media_ops2  Not Supported
cl_amd_offline_devices  Not Supported
cl_amd_popcnt  Not Supported
cl_amd_predefined_macros  Not Supported
cl_amd_printf  Not Supported
cl_amd_svm  Not Supported
cl_amd_vec3  Not Supported
cl_apple_contextloggingfunctions  Not Supported
cl_apple_gl_sharing  Not Supported
cl_apple_setmemobjectdestructor  Not Supported
cl_arm_core_id  Not Supported
cl_arm_printf  Not Supported
cl_ext_atomic_counters_32  Not Supported
cl_ext_atomic_counters_64  Not Supported
cl_ext_device_fission  Not Supported
cl_ext_migrate_memobject  Not Supported
cl_intel_accelerator  Supported
cl_intel_advanced_motion_estimation  Supported
cl_intel_ctz  Supported
cl_intel_d3d11_nv12_media_sharing  Supported
cl_intel_device_partition_by_names  Not Supported
cl_intel_dx9_media_sharing  Supported
cl_intel_exec_by_local_thread  Not Supported
cl_intel_motion_estimation  Supported
cl_intel_printf  Not Supported
cl_intel_simultaneous_sharing  Supported
cl_intel_subgroups  Supported
cl_intel_thread_local_exec  Not Supported
cl_intel_va_api_media_sharing  Not Supported
cl_intel_visual_analytics  Not Supported
cl_khr_3d_image_writes  Supported
cl_khr_byte_addressable_store  Supported
cl_khr_context_abort  Not Supported
cl_khr_d3d10_sharing  Supported
cl_khr_d3d11_sharing  Supported
cl_khr_depth_images  Supported
cl_khr_dx9_media_sharing  Supported
cl_khr_egl_event  Not Supported
cl_khr_egl_image  Not Supported
cl_khr_fp16  Supported
cl_khr_fp64  Not Supported
cl_khr_gl_depth_images  Supported
cl_khr_gl_event  Supported
cl_khr_gl_msaa_sharing  Supported
cl_khr_gl_sharing  Supported
cl_khr_global_int32_base_atomics  Supported
cl_khr_global_int32_extended_atomics  Supported
cl_khr_icd  Supported
cl_khr_image2d_from_buffer  Supported
cl_khr_initialize_memory  Not Supported
cl_khr_int64_base_atomics  Not Supported
cl_khr_int64_extended_atomics  Not Supported
cl_khr_local_int32_base_atomics  Supported
cl_khr_local_int32_extended_atomics  Supported
cl_khr_mipmap_image  Not Supported
cl_khr_mipmap_image_writes  Not Supported
cl_khr_select_fprounding_mode  Not Supported
cl_khr_spir  Supported
cl_khr_srgb_image_writes  Not Supported
cl_khr_subgroups  Not Supported
cl_khr_terminate_context  Not Supported
cl_nv_compiler_options  Not Supported
cl_nv_copy_opts  Not Supported
cl_nv_d3d10_sharing  Not Supported
cl_nv_d3d11_sharing  Not Supported
cl_nv_d3d9_sharing  Not Supported
cl_nv_device_attribute_query  Not Supported
cl_nv_pragma_unroll  Not Supported
cl_qcom_ext_host_ptr  Not Supported
cl_qcom_ion_host_ptr  Not Supported
 
Device Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ OpenCL: Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
OpenCL Properties:
Platform Name  Intel(R) OpenCL
Platform Vendor  Intel(R) Corporation
Platform Version  OpenCL 1.2
Platform Profile  Full
 
Device Properties:
Device Name  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Device Type  CPU
Device Vendor  Intel(R) Corporation
Device Version  OpenCL 1.2 (Build 10049)
Device Profile  Full
Driver Version  5.2.0.10049
OpenCL C Version  OpenCL C 1.2
Supported SPIR Versions  1.2
Clock Rate  1440 MHz
Compute Units  4
Address Space Size  32-bit
Max 2D Image Size  16384 x 16384
Max 3D Image Size  2048 x 2048 x 2048
Max Image Array Size  2048
Max Image Buffer Size  32174400
Max Samplers  480
Max Work-Item Size  8192 x 8192 x 8192
Max Work-Group Size  8192
Max Global Variable Size  64 KB
Preferred Global Variables Total Size  64 KB
Max Argument Size  3840 bytes
Max Constant Buffer Size  128 KB
Max Constant Arguments  480
Max Pipe Arguments  16
Max Printf Buffer Size  1 MB
Native ISA Vector Widths  char16, short8, int2, float4
Preferred Native Vector Widths  char1, short1, int1, long1, float1
Profiling Timer Resolution  711 ns
OpenCL DLL  opencl.dll (2.0.2.0)
 
Memory Properties:
Global Memory  1963 MB
Global Memory Cache  1024 KB (Read/Write, 64-byte line)
Local Memory  32 KB
Max Memory Object Allocation Size  502725 KB
Memory Base Address Alignment  1024-bit
Min Data Type Alignment  128 bytes
Image Row Pitch Alignment  64 pixels
Image Base Address Alignment  64 pixels
Preferred Platform Atomic Alignment  64 bytes
Preferred Global Atomic Alignment  64 bytes
 
OpenCL Compliancy:
OpenCL 1.1  Yes (100%)
OpenCL 1.2  Yes (100%)
OpenCL 2.0  No (87%)
 
Device Features:
Command-Queue Out Of Order Execution  Enabled
Command-Queue Profiling  Enabled
Compiler Available  Yes
Error Correction  Not Supported
Images  Supported
Kernel Execution  Supported
Linker Available  Yes
Little-Endian Device  Yes
Native Kernel Execution  Supported
SVM Atomics  Supported
SVM Coarse Grain Buffer  Supported
SVM Fine Grain Buffer  Supported
SVM Fine Grain System  Supported
Thread Trace  Not Supported
Unified Memory  Yes
 
Half-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Not Supported
Denorms  Not Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Not Supported
Rounding to Infinity  Not Supported
Rounding to Nearest Even  Not Supported
Rounding to Zero  Not Supported
Software Basic Floating-Point Operations  No
 
Single-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Not Supported
Denorms  Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Supported
Rounding to Infinity  Not Supported
Rounding to Nearest Even  Supported
Rounding to Zero  Not Supported
Software Basic Floating-Point Operations  No
 
Double-Precision Floating-Point Capabilities:
Correctly Rounded Divide and Sqrt  Not Supported
Denorms  Not Supported
IEEE754-2008 FMA  Not Supported
INF and NaNs  Not Supported
Rounding to Infinity  Not Supported
Rounding to Nearest Even  Not Supported
Rounding to Zero  Not Supported
Software Basic Floating-Point Operations  No
 
Device Extensions:
Total / Supported Extensions  90 / 14
cl_altera_compiler_mode  Not Supported
cl_altera_device_temperature  Not Supported
cl_altera_live_object_tracking  Not Supported
cl_amd_bus_addressable_memory  Not Supported
cl_amd_c1x_atomics  Not Supported
cl_amd_compile_options  Not Supported
cl_amd_core_id  Not Supported
cl_amd_d3d10_interop  Not Supported
cl_amd_d3d9_interop  Not Supported
cl_amd_device_attribute_query  Not Supported
cl_amd_device_board_name  Not Supported
cl_amd_device_memory_flags  Not Supported
cl_amd_device_persistent_memory  Not Supported
cl_amd_device_profiling_timer_offset  Not Supported
cl_amd_device_topology  Not Supported
cl_amd_event_callback  Not Supported
cl_amd_fp64  Not Supported
cl_amd_hsa  Not Supported
cl_amd_image2d_from_buffer_read_only  Not Supported
cl_amd_media_ops  Not Supported
cl_amd_media_ops2  Not Supported
cl_amd_offline_devices  Not Supported
cl_amd_popcnt  Not Supported
cl_amd_predefined_macros  Not Supported
cl_amd_printf  Not Supported
cl_amd_svm  Not Supported
cl_amd_vec3  Not Supported
cl_apple_contextloggingfunctions  Not Supported
cl_apple_gl_sharing  Not Supported
cl_apple_setmemobjectdestructor  Not Supported
cl_arm_core_id  Not Supported
cl_arm_printf  Not Supported
cl_ext_atomic_counters_32  Not Supported
cl_ext_atomic_counters_64  Not Supported
cl_ext_device_fission  Not Supported
cl_ext_migrate_memobject  Not Supported
cl_intel_accelerator  Not Supported
cl_intel_advanced_motion_estimation  Not Supported
cl_intel_ctz  Not Supported
cl_intel_d3d11_nv12_media_sharing  Not Supported
cl_intel_device_partition_by_names  Not Supported
cl_intel_dx9_media_sharing  Supported
cl_intel_exec_by_local_thread  Supported
cl_intel_motion_estimation  Not Supported
cl_intel_printf  Not Supported
cl_intel_simultaneous_sharing  Not Supported
cl_intel_subgroups  Not Supported
cl_intel_thread_local_exec  Not Supported
cl_intel_va_api_media_sharing  Not Supported
cl_intel_visual_analytics  Not Supported
cl_khr_3d_image_writes  Supported
cl_khr_byte_addressable_store  Supported
cl_khr_context_abort  Not Supported
cl_khr_d3d10_sharing  Not Supported
cl_khr_d3d11_sharing  Supported
cl_khr_depth_images  Supported
cl_khr_dx9_media_sharing  Supported
cl_khr_egl_event  Not Supported
cl_khr_egl_image  Not Supported
cl_khr_fp16  Not Supported
cl_khr_fp64  Not Supported
cl_khr_gl_depth_images  Not Supported
cl_khr_gl_event  Not Supported
cl_khr_gl_msaa_sharing  Not Supported
cl_khr_gl_sharing  Supported
cl_khr_global_int32_base_atomics  Supported
cl_khr_global_int32_extended_atomics  Supported
cl_khr_icd  Supported
cl_khr_image2d_from_buffer  Not Supported
cl_khr_initialize_memory  Not Supported
cl_khr_int64_base_atomics  Not Supported
cl_khr_int64_extended_atomics  Not Supported
cl_khr_local_int32_base_atomics  Supported
cl_khr_local_int32_extended_atomics  Supported
cl_khr_mipmap_image  Not Supported
cl_khr_mipmap_image_writes  Not Supported
cl_khr_select_fprounding_mode  Not Supported
cl_khr_spir  Supported
cl_khr_srgb_image_writes  Not Supported
cl_khr_subgroups  Not Supported
cl_khr_terminate_context  Not Supported
cl_nv_compiler_options  Not Supported
cl_nv_copy_opts  Not Supported
cl_nv_d3d10_sharing  Not Supported
cl_nv_d3d11_sharing  Not Supported
cl_nv_d3d9_sharing  Not Supported
cl_nv_device_attribute_query  Not Supported
cl_nv_pragma_unroll  Not Supported
cl_qcom_ext_host_ptr  Not Supported
cl_qcom_ion_host_ptr  Not Supported
 
Device Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates


Fonts

 
Font Family  Type  Style  Character Set  Char. Size  Char. Weight
@Malgun Gothic Semilight  Swiss  Regular  Baltic  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  CHINESE_BIG5  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  CHINESE_GB2312  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Cyrillic  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Greek  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Hangul(Johab)  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Hangul  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Hebrew  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Japanese  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Turkish  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Vietnamese  31 x 43  30 %
@Malgun Gothic Semilight  Swiss  Regular  Western  31 x 43  30 %
@Malgun Gothic  Swiss  Regular  Hangul  15 x 43  40 %
@Malgun Gothic  Swiss  Regular  Western  15 x 43  40 %
@Microsoft JhengHei Light  Swiss  Regular  CHINESE_BIG5  32 x 43  29 %
@Microsoft JhengHei Light  Swiss  Regular  Greek  32 x 43  29 %
@Microsoft JhengHei Light  Swiss  Regular  Western  32 x 43  29 %
@Microsoft JhengHei UI Light  Swiss  Regular  CHINESE_BIG5  32 x 41  29 %
@Microsoft JhengHei UI Light  Swiss  Regular  Greek  32 x 41  29 %
@Microsoft JhengHei UI Light  Swiss  Regular  Western  32 x 41  29 %
@Microsoft JhengHei UI  Swiss  Regular  CHINESE_BIG5  15 x 41  40 %
@Microsoft JhengHei UI  Swiss  Regular  Greek  15 x 41  40 %
@Microsoft JhengHei UI  Swiss  Regular  Western  15 x 41  40 %
@Microsoft JhengHei  Swiss  Regular  CHINESE_BIG5  15 x 43  40 %
@Microsoft JhengHei  Swiss  Regular  Greek  15 x 43  40 %
@Microsoft JhengHei  Swiss  Regular  Western  15 x 43  40 %
@Microsoft YaHei Light  Swiss  Regular  Central European  15 x 41  29 %
@Microsoft YaHei Light  Swiss  Regular  CHINESE_GB2312  15 x 41  29 %
@Microsoft YaHei Light  Swiss  Regular  Cyrillic  15 x 41  29 %
@Microsoft YaHei Light  Swiss  Regular  Greek  15 x 41  29 %
@Microsoft YaHei Light  Swiss  Regular  Western  15 x 41  29 %
@Microsoft YaHei UI Light  Swiss  Regular  Central European  15 x 42  29 %
@Microsoft YaHei UI Light  Swiss  Regular  CHINESE_GB2312  15 x 42  29 %
@Microsoft YaHei UI Light  Swiss  Regular  Cyrillic  15 x 42  29 %
@Microsoft YaHei UI Light  Swiss  Regular  Greek  15 x 42  29 %
@Microsoft YaHei UI Light  Swiss  Regular  Western  15 x 42  29 %
@Microsoft YaHei UI  Swiss  Regular  Central European  15 x 41  40 %
@Microsoft YaHei UI  Swiss  Regular  CHINESE_GB2312  15 x 41  40 %
@Microsoft YaHei UI  Swiss  Regular  Cyrillic  15 x 41  40 %
@Microsoft YaHei UI  Swiss  Regular  Greek  15 x 41  40 %
@Microsoft YaHei UI  Swiss  Regular  Turkish  15 x 41  40 %
@Microsoft YaHei UI  Swiss  Regular  Western  15 x 41  40 %
@Microsoft YaHei  Swiss  Regular  Central European  15 x 42  40 %
@Microsoft YaHei  Swiss  Regular  CHINESE_GB2312  15 x 42  40 %
@Microsoft YaHei  Swiss  Regular  Cyrillic  15 x 42  40 %
@Microsoft YaHei  Swiss  Regular  Greek  15 x 42  40 %
@Microsoft YaHei  Swiss  Regular  Turkish  15 x 42  40 %
@Microsoft YaHei  Swiss  Regular  Western  15 x 42  40 %
@MingLiU_HKSCS-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
@MingLiU_HKSCS-ExtB  Roman  Regular  Western  16 x 32  40 %
@MingLiU-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
@MingLiU-ExtB  Roman  Regular  Western  16 x 32  40 %
@NSimSun  Modern  Regular  CHINESE_GB2312  16 x 32  40 %
@NSimSun  Modern  Regular  Western  16 x 32  40 %
@PMingLiU-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
@PMingLiU-ExtB  Roman  Regular  Western  16 x 32  40 %
@SimSun  Special  Regular  CHINESE_GB2312  16 x 32  40 %
@SimSun  Special  Regular  Western  16 x 32  40 %
@SimSun-ExtB  Modern  Regular  CHINESE_GB2312  16 x 32  40 %
@SimSun-ExtB  Modern  Regular  Western  16 x 32  40 %
@Yu Gothic Light  Swiss  Regular  Baltic  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Central European  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Cyrillic  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Greek  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Japanese  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Turkish  31 x 41  30 %
@Yu Gothic Light  Swiss  Regular  Western  31 x 41  30 %
@Yu Gothic Medium  Swiss  Regular  Baltic  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Central European  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Cyrillic  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Greek  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Japanese  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Turkish  31 x 41  50 %
@Yu Gothic Medium  Swiss  Regular  Western  31 x 41  50 %
@Yu Gothic UI Light  Swiss  Regular  Baltic  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Central European  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Cyrillic  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Greek  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Japanese  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Turkish  17 x 43  30 %
@Yu Gothic UI Light  Swiss  Regular  Western  17 x 43  30 %
@Yu Gothic UI Semibold  Swiss  Regular  Baltic  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Central European  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Cyrillic  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Greek  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Japanese  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Turkish  19 x 43  60 %
@Yu Gothic UI Semibold  Swiss  Regular  Western  19 x 43  60 %
@Yu Gothic UI Semilight  Swiss  Regular  Baltic  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Central European  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Cyrillic  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Greek  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Japanese  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Turkish  17 x 43  35 %
@Yu Gothic UI Semilight  Swiss  Regular  Western  17 x 43  35 %
@Yu Gothic UI  Swiss  Regular  Baltic  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Central European  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Cyrillic  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Greek  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Japanese  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Turkish  17 x 43  40 %
@Yu Gothic UI  Swiss  Regular  Western  17 x 43  40 %
@Yu Gothic  Swiss  Regular  Baltic  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Central European  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Cyrillic  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Greek  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Japanese  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Turkish  31 x 41  40 %
@Yu Gothic  Swiss  Regular  Western  31 x 41  40 %
Arial Black  Swiss  Regular  Baltic  18 x 45  90 %
Arial Black  Swiss  Regular  Central European  18 x 45  90 %
Arial Black  Swiss  Regular  Cyrillic  18 x 45  90 %
Arial Black  Swiss  Regular  Greek  18 x 45  90 %
Arial Black  Swiss  Regular  Turkish  18 x 45  90 %
Arial Black  Swiss  Regular  Western  18 x 45  90 %
Arial  Swiss  Regular  Arabic  14 x 36  40 %
Arial  Swiss  Regular  Baltic  14 x 36  40 %
Arial  Swiss  Regular  Central European  14 x 36  40 %
Arial  Swiss  Regular  Cyrillic  14 x 36  40 %
Arial  Swiss  Regular  Greek  14 x 36  40 %
Arial  Swiss  Regular  Hebrew  14 x 36  40 %
Arial  Swiss  Regular  Turkish  14 x 36  40 %
Arial  Swiss  Regular  Vietnamese  14 x 36  40 %
Arial  Swiss  Regular  Western  14 x 36  40 %
Calibri Light  Swiss  Regular  Baltic  17 x 39  30 %
Calibri Light  Swiss  Regular  Central European  17 x 39  30 %
Calibri Light  Swiss  Regular  Cyrillic  17 x 39  30 %
Calibri Light  Swiss  Regular  Greek  17 x 39  30 %
Calibri Light  Swiss  Regular  Turkish  17 x 39  30 %
Calibri Light  Swiss  Regular  Vietnamese  17 x 39  30 %
Calibri Light  Swiss  Regular  Western  17 x 39  30 %
Calibri  Swiss  Regular  Baltic  17 x 39  40 %
Calibri  Swiss  Regular  Central European  17 x 39  40 %
Calibri  Swiss  Regular  Cyrillic  17 x 39  40 %
Calibri  Swiss  Regular  Greek  17 x 39  40 %
Calibri  Swiss  Regular  Turkish  17 x 39  40 %
Calibri  Swiss  Regular  Vietnamese  17 x 39  40 %
Calibri  Swiss  Regular  Western  17 x 39  40 %
Cambria Math  Roman  Regular  Baltic  20 x 179  40 %
Cambria Math  Roman  Regular  Central European  20 x 179  40 %
Cambria Math  Roman  Regular  Cyrillic  20 x 179  40 %
Cambria Math  Roman  Regular  Greek  20 x 179  40 %
Cambria Math  Roman  Regular  Turkish  20 x 179  40 %
Cambria Math  Roman  Regular  Vietnamese  20 x 179  40 %
Cambria Math  Roman  Regular  Western  20 x 179  40 %
Cambria  Roman  Regular  Baltic  20 x 38  40 %
Cambria  Roman  Regular  Central European  20 x 38  40 %
Cambria  Roman  Regular  Cyrillic  20 x 38  40 %
Cambria  Roman  Regular  Greek  20 x 38  40 %
Cambria  Roman  Regular  Turkish  20 x 38  40 %
Cambria  Roman  Regular  Vietnamese  20 x 38  40 %
Cambria  Roman  Regular  Western  20 x 38  40 %
Candara  Swiss  Regular  Baltic  17 x 39  40 %
Candara  Swiss  Regular  Central European  17 x 39  40 %
Candara  Swiss  Regular  Cyrillic  17 x 39  40 %
Candara  Swiss  Regular  Greek  17 x 39  40 %
Candara  Swiss  Regular  Turkish  17 x 39  40 %
Candara  Swiss  Regular  Vietnamese  17 x 39  40 %
Candara  Swiss  Regular  Western  17 x 39  40 %
Comic Sans MS  Script  Regular  Baltic  15 x 45  40 %
Comic Sans MS  Script  Regular  Central European  15 x 45  40 %
Comic Sans MS  Script  Regular  Cyrillic  15 x 45  40 %
Comic Sans MS  Script  Regular  Greek  15 x 45  40 %
Comic Sans MS  Script  Regular  Turkish  15 x 45  40 %
Comic Sans MS  Script  Regular  Western  15 x 45  40 %
Consolas  Modern  Regular  Baltic  18 x 37  40 %
Consolas  Modern  Regular  Central European  18 x 37  40 %
Consolas  Modern  Regular  Cyrillic  18 x 37  40 %
Consolas  Modern  Regular  Greek  18 x 37  40 %
Consolas  Modern  Regular  Turkish  18 x 37  40 %
Consolas  Modern  Regular  Vietnamese  18 x 37  40 %
Consolas  Modern  Regular  Western  18 x 37  40 %
Constantia  Roman  Regular  Baltic  17 x 39  40 %
Constantia  Roman  Regular  Central European  17 x 39  40 %
Constantia  Roman  Regular  Cyrillic  17 x 39  40 %
Constantia  Roman  Regular  Greek  17 x 39  40 %
Constantia  Roman  Regular  Turkish  17 x 39  40 %
Constantia  Roman  Regular  Vietnamese  17 x 39  40 %
Constantia  Roman  Regular  Western  17 x 39  40 %
Corbel  Swiss  Regular  Baltic  17 x 39  40 %
Corbel  Swiss  Regular  Central European  17 x 39  40 %
Corbel  Swiss  Regular  Cyrillic  17 x 39  40 %
Corbel  Swiss  Regular  Greek  17 x 39  40 %
Corbel  Swiss  Regular  Turkish  17 x 39  40 %
Corbel  Swiss  Regular  Vietnamese  17 x 39  40 %
Corbel  Swiss  Regular  Western  17 x 39  40 %
Courier New  Modern  Regular  Arabic  19 x 36  40 %
Courier New  Modern  Regular  Baltic  19 x 36  40 %
Courier New  Modern  Regular  Central European  19 x 36  40 %
Courier New  Modern  Regular  Cyrillic  19 x 36  40 %
Courier New  Modern  Regular  Greek  19 x 36  40 %
Courier New  Modern  Regular  Hebrew  19 x 36  40 %
Courier New  Modern  Regular  Turkish  19 x 36  40 %
Courier New  Modern  Regular  Vietnamese  19 x 36  40 %
Courier New  Modern  Regular  Western  19 x 36  40 %
Courier  Modern    Western  8 x 13  40 %
Ebrima  Special  Regular  Baltic  19 x 43  40 %
Ebrima  Special  Regular  Central European  19 x 43  40 %
Ebrima  Special  Regular  Turkish  19 x 43  40 %
Ebrima  Special  Regular  Western  19 x 43  40 %
Fixedsys  Modern    Western  8 x 15  40 %
Franklin Gothic Medium  Swiss  Regular  Baltic  14 x 36  40 %
Franklin Gothic Medium  Swiss  Regular  Central European  14 x 36  40 %
Franklin Gothic Medium  Swiss  Regular  Cyrillic  14 x 36  40 %
Franklin Gothic Medium  Swiss  Regular  Greek  14 x 36  40 %
Franklin Gothic Medium  Swiss  Regular  Turkish  14 x 36  40 %
Franklin Gothic Medium  Swiss  Regular  Western  14 x 36  40 %
Gabriola  Decorative  Regular  Baltic  16 x 59  40 %
Gabriola  Decorative  Regular  Central European  16 x 59  40 %
Gabriola  Decorative  Regular  Cyrillic  16 x 59  40 %
Gabriola  Decorative  Regular  Greek  16 x 59  40 %
Gabriola  Decorative  Regular  Turkish  16 x 59  40 %
Gabriola  Decorative  Regular  Western  16 x 59  40 %
Gadugi  Swiss  Regular  Western  18 x 43  40 %
Georgia  Roman  Regular  Baltic  14 x 36  40 %
Georgia  Roman  Regular  Central European  14 x 36  40 %
Georgia  Roman  Regular  Cyrillic  14 x 36  40 %
Georgia  Roman  Regular  Greek  14 x 36  40 %
Georgia  Roman  Regular  Turkish  14 x 36  40 %
Georgia  Roman  Regular  Western  14 x 36  40 %
Impact  Swiss  Regular  Baltic  19 x 39  40 %
Impact  Swiss  Regular  Central European  19 x 39  40 %
Impact  Swiss  Regular  Cyrillic  19 x 39  40 %
Impact  Swiss  Regular  Greek  19 x 39  40 %
Impact  Swiss  Regular  Turkish  19 x 39  40 %
Impact  Swiss  Regular  Western  19 x 39  40 %
Javanese Text  Special  Regular  Western  26 x 73  40 %
Leelawadee UI Semilight  Swiss  Regular  Thai  17 x 43  35 %
Leelawadee UI Semilight  Swiss  Regular  Vietnamese  17 x 43  35 %
Leelawadee UI Semilight  Swiss  Regular  Western  17 x 43  35 %
Leelawadee UI  Swiss  Regular  Thai  17 x 43  40 %
Leelawadee UI  Swiss  Regular  Vietnamese  17 x 43  40 %
Leelawadee UI  Swiss  Regular  Western  17 x 43  40 %
Lucida Console  Modern  Regular  Central European  19 x 32  40 %
Lucida Console  Modern  Regular  Cyrillic  19 x 32  40 %
Lucida Console  Modern  Regular  Greek  19 x 32  40 %
Lucida Console  Modern  Regular  Turkish  19 x 32  40 %
Lucida Console  Modern  Regular  Western  19 x 32  40 %
Lucida Sans Unicode  Swiss  Regular  Baltic  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Central European  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Cyrillic  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Greek  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Hebrew  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Turkish  16 x 49  40 %
Lucida Sans Unicode  Swiss  Regular  Western  16 x 49  40 %
Malgun Gothic Semilight  Swiss  Regular  Baltic  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  CHINESE_BIG5  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  CHINESE_GB2312  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Cyrillic  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Greek  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Hangul(Johab)  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Hangul  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Hebrew  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Japanese  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Turkish  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Vietnamese  31 x 43  30 %
Malgun Gothic Semilight  Swiss  Regular  Western  31 x 43  30 %
Malgun Gothic  Swiss  Regular  Hangul  15 x 43  40 %
Malgun Gothic  Swiss  Regular  Western  15 x 43  40 %
Marlett  Special  Regular  Symbol  31 x 32  50 %
Microsoft Himalaya  Special  Regular  Western  13 x 32  40 %
Microsoft JhengHei Light  Swiss  Regular  CHINESE_BIG5  32 x 43  29 %
Microsoft JhengHei Light  Swiss  Regular  Greek  32 x 43  29 %
Microsoft JhengHei Light  Swiss  Regular  Western  32 x 43  29 %
Microsoft JhengHei UI Light  Swiss  Regular  CHINESE_BIG5  32 x 41  29 %
Microsoft JhengHei UI Light  Swiss  Regular  Greek  32 x 41  29 %
Microsoft JhengHei UI Light  Swiss  Regular  Western  32 x 41  29 %
Microsoft JhengHei UI  Swiss  Regular  CHINESE_BIG5  15 x 41  40 %
Microsoft JhengHei UI  Swiss  Regular  Greek  15 x 41  40 %
Microsoft JhengHei UI  Swiss  Regular  Western  15 x 41  40 %
Microsoft JhengHei  Swiss  Regular  CHINESE_BIG5  15 x 43  40 %
Microsoft JhengHei  Swiss  Regular  Greek  15 x 43  40 %
Microsoft JhengHei  Swiss  Regular  Western  15 x 43  40 %
Microsoft New Tai Lue  Swiss  Regular  Western  19 x 42  40 %
Microsoft PhagsPa  Swiss  Regular  Western  24 x 41  40 %
Microsoft Sans Serif  Swiss  Regular  Arabic  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Baltic  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Central European  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Cyrillic  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Greek  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Hebrew  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Thai  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Turkish  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Vietnamese  14 x 36  40 %
Microsoft Sans Serif  Swiss  Regular  Western  14 x 36  40 %
Microsoft Tai Le  Swiss  Regular  Western  19 x 41  40 %
Microsoft YaHei Light  Swiss  Regular  Central European  15 x 41  29 %
Microsoft YaHei Light  Swiss  Regular  CHINESE_GB2312  15 x 41  29 %
Microsoft YaHei Light  Swiss  Regular  Cyrillic  15 x 41  29 %
Microsoft YaHei Light  Swiss  Regular  Greek  15 x 41  29 %
Microsoft YaHei Light  Swiss  Regular  Western  15 x 41  29 %
Microsoft YaHei UI Light  Swiss  Regular  Central European  15 x 42  29 %
Microsoft YaHei UI Light  Swiss  Regular  CHINESE_GB2312  15 x 42  29 %
Microsoft YaHei UI Light  Swiss  Regular  Cyrillic  15 x 42  29 %
Microsoft YaHei UI Light  Swiss  Regular  Greek  15 x 42  29 %
Microsoft YaHei UI Light  Swiss  Regular  Western  15 x 42  29 %
Microsoft YaHei UI  Swiss  Regular  Central European  15 x 41  40 %
Microsoft YaHei UI  Swiss  Regular  CHINESE_GB2312  15 x 41  40 %
Microsoft YaHei UI  Swiss  Regular  Cyrillic  15 x 41  40 %
Microsoft YaHei UI  Swiss  Regular  Greek  15 x 41  40 %
Microsoft YaHei UI  Swiss  Regular  Turkish  15 x 41  40 %
Microsoft YaHei UI  Swiss  Regular  Western  15 x 41  40 %
Microsoft YaHei  Swiss  Regular  Central European  15 x 42  40 %
Microsoft YaHei  Swiss  Regular  CHINESE_GB2312  15 x 42  40 %
Microsoft YaHei  Swiss  Regular  Cyrillic  15 x 42  40 %
Microsoft YaHei  Swiss  Regular  Greek  15 x 42  40 %
Microsoft YaHei  Swiss  Regular  Turkish  15 x 42  40 %
Microsoft YaHei  Swiss  Regular  Western  15 x 42  40 %
Microsoft Yi Baiti  Script  Regular  Western  21 x 32  40 %
MingLiU_HKSCS-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
MingLiU_HKSCS-ExtB  Roman  Regular  Western  16 x 32  40 %
MingLiU-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
MingLiU-ExtB  Roman  Regular  Western  16 x 32  40 %
Modern  Modern    OEM/DOS  19 x 37  40 %
Mongolian Baiti  Script  Regular  Western  14 x 34  40 %
MS Sans Serif  Swiss    Western  5 x 13  40 %
MS Serif  Roman    Western  5 x 13  40 %
MV Boli  Special  Regular  Western  18 x 52  40 %
Myanmar Text  Swiss  Regular  Western  18 x 60  40 %
Nirmala UI Semilight  Swiss  Regular  Western  17 x 43  35 %
Nirmala UI  Swiss  Regular  Western  31 x 43  40 %
NSimSun  Modern  Regular  CHINESE_GB2312  16 x 32  40 %
NSimSun  Modern  Regular  Western  16 x 32  40 %
Palatino Linotype  Roman  Regular  Baltic  14 x 43  40 %
Palatino Linotype  Roman  Regular  Central European  14 x 43  40 %
Palatino Linotype  Roman  Regular  Cyrillic  14 x 43  40 %
Palatino Linotype  Roman  Regular  Greek  14 x 43  40 %
Palatino Linotype  Roman  Regular  Turkish  14 x 43  40 %
Palatino Linotype  Roman  Regular  Vietnamese  14 x 43  40 %
Palatino Linotype  Roman  Regular  Western  14 x 43  40 %
PMingLiU-ExtB  Roman  Regular  CHINESE_BIG5  16 x 32  40 %
PMingLiU-ExtB  Roman  Regular  Western  16 x 32  40 %
Roman  Roman    OEM/DOS  22 x 37  40 %
Script  Script    OEM/DOS  16 x 36  40 %
Segoe MDL2 Assets  Roman  Regular  Western  33 x 32  40 %
Segoe Print  Special  Regular  Baltic  21 x 56  40 %
Segoe Print  Special  Regular  Central European  21 x 56  40 %
Segoe Print  Special  Regular  Cyrillic  21 x 56  40 %
Segoe Print  Special  Regular  Greek  21 x 56  40 %
Segoe Print  Special  Regular  Turkish  21 x 56  40 %
Segoe Print  Special  Regular  Western  21 x 56  40 %
Segoe Script  Swiss  Regular  Baltic  22 x 51  40 %
Segoe Script  Swiss  Regular  Central European  22 x 51  40 %
Segoe Script  Swiss  Regular  Cyrillic  22 x 51  40 %
Segoe Script  Swiss  Regular  Greek  22 x 51  40 %
Segoe Script  Swiss  Regular  Turkish  22 x 51  40 %
Segoe Script  Swiss  Regular  Western  22 x 51  40 %
Segoe UI Black  Swiss  Regular  Baltic  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Central European  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Cyrillic  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Greek  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Turkish  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Vietnamese  20 x 43  90 %
Segoe UI Black  Swiss  Regular  Western  20 x 43  90 %
Segoe UI Emoji  Swiss  Regular  Western  23 x 43  40 %
Segoe UI Historic  Swiss  Regular  Western  27 x 43  40 %
Segoe UI Light  Swiss  Regular  Arabic  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Baltic  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Central European  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Cyrillic  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Greek  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Hebrew  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Turkish  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Vietnamese  17 x 43  30 %
Segoe UI Light  Swiss  Regular  Western  17 x 43  30 %
Segoe UI Semibold  Swiss  Regular  Arabic  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Baltic  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Central European  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Cyrillic  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Greek  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Hebrew  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Turkish  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Vietnamese  18 x 43  60 %
Segoe UI Semibold  Swiss  Regular  Western  18 x 43  60 %
Segoe UI Semilight  Swiss  Regular  Arabic  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Baltic  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Central European  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Cyrillic  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Greek  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Hebrew  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Turkish  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Vietnamese  17 x 43  35 %
Segoe UI Semilight  Swiss  Regular  Western  17 x 43  35 %
Segoe UI Symbol  Swiss  Regular  Western  23 x 43  40 %
Segoe UI  Swiss  Regular  Arabic  17 x 43  40 %
Segoe UI  Swiss  Regular  Baltic  17 x 43  40 %
Segoe UI  Swiss  Regular  Central European  17 x 43  40 %
Segoe UI  Swiss  Regular  Cyrillic  17 x 43  40 %
Segoe UI  Swiss  Regular  Greek  17 x 43  40 %
Segoe UI  Swiss  Regular  Hebrew  17 x 43  40 %
Segoe UI  Swiss  Regular  Turkish  17 x 43  40 %
Segoe UI  Swiss  Regular  Vietnamese  17 x 43  40 %
Segoe UI  Swiss  Regular  Western  17 x 43  40 %
SimSun  Special  Regular  CHINESE_GB2312  16 x 32  40 %
SimSun  Special  Regular  Western  16 x 32  40 %
SimSun-ExtB  Modern  Regular  CHINESE_GB2312  16 x 32  40 %
SimSun-ExtB  Modern  Regular  Western  16 x 32  40 %
Sitka Banner  Special  Regular  Baltic  16 x 46  40 %
Sitka Banner  Special  Regular  Central European  16 x 46  40 %
Sitka Banner  Special  Regular  Cyrillic  16 x 46  40 %
Sitka Banner  Special  Regular  Greek  16 x 46  40 %
Sitka Banner  Special  Regular  Turkish  16 x 46  40 %
Sitka Banner  Special  Regular  Vietnamese  16 x 46  40 %
Sitka Banner  Special  Regular  Western  16 x 46  40 %
Sitka Display  Special  Regular  Baltic  17 x 46  40 %
Sitka Display  Special  Regular  Central European  17 x 46  40 %
Sitka Display  Special  Regular  Cyrillic  17 x 46  40 %
Sitka Display  Special  Regular  Greek  17 x 46  40 %
Sitka Display  Special  Regular  Turkish  17 x 46  40 %
Sitka Display  Special  Regular  Vietnamese  17 x 46  40 %
Sitka Display  Special  Regular  Western  17 x 46  40 %
Sitka Heading  Special  Regular  Baltic  17 x 46  40 %
Sitka Heading  Special  Regular  Central European  17 x 46  40 %
Sitka Heading  Special  Regular  Cyrillic  17 x 46  40 %
Sitka Heading  Special  Regular  Greek  17 x 46  40 %
Sitka Heading  Special  Regular  Turkish  17 x 46  40 %
Sitka Heading  Special  Regular  Vietnamese  17 x 46  40 %
Sitka Heading  Special  Regular  Western  17 x 46  40 %
Sitka Small  Special  Regular  Baltic  21 x 47  40 %
Sitka Small  Special  Regular  Central European  21 x 47  40 %
Sitka Small  Special  Regular  Cyrillic  21 x 47  40 %
Sitka Small  Special  Regular  Greek  21 x 47  40 %
Sitka Small  Special  Regular  Turkish  21 x 47  40 %
Sitka Small  Special  Regular  Vietnamese  21 x 47  40 %
Sitka Small  Special  Regular  Western  21 x 47  40 %
Sitka Subheading  Special  Regular  Baltic  18 x 46  40 %
Sitka Subheading  Special  Regular  Central European  18 x 46  40 %
Sitka Subheading  Special  Regular  Cyrillic  18 x 46  40 %
Sitka Subheading  Special  Regular  Greek  18 x 46  40 %
Sitka Subheading  Special  Regular  Turkish  18 x 46  40 %
Sitka Subheading  Special  Regular  Vietnamese  18 x 46  40 %
Sitka Subheading  Special  Regular  Western  18 x 46  40 %
Sitka Text  Special  Regular  Baltic  19 x 46  40 %
Sitka Text  Special  Regular  Central European  19 x 46  40 %
Sitka Text  Special  Regular  Cyrillic  19 x 46  40 %
Sitka Text  Special  Regular  Greek  19 x 46  40 %
Sitka Text  Special  Regular  Turkish  19 x 46  40 %
Sitka Text  Special  Regular  Vietnamese  19 x 46  40 %
Sitka Text  Special  Regular  Western  19 x 46  40 %
Small Fonts  Swiss    Western  1 x 3  40 %
Sylfaen  Roman  Regular  Baltic  13 x 42  40 %
Sylfaen  Roman  Regular  Central European  13 x 42  40 %
Sylfaen  Roman  Regular  Cyrillic  13 x 42  40 %
Sylfaen  Roman  Regular  Greek  13 x 42  40 %
Sylfaen  Roman  Regular  Turkish  13 x 42  40 %
Sylfaen  Roman  Regular  Western  13 x 42  40 %
Symbol  Roman  Regular  Symbol  19 x 39  40 %
System  Swiss    Western  7 x 16  70 %
Tahoma  Swiss  Regular  Arabic  14 x 39  40 %
Tahoma  Swiss  Regular  Baltic  14 x 39  40 %
Tahoma  Swiss  Regular  Central European  14 x 39  40 %
Tahoma  Swiss  Regular  Cyrillic  14 x 39  40 %
Tahoma  Swiss  Regular  Greek  14 x 39  40 %
Tahoma  Swiss  Regular  Hebrew  14 x 39  40 %
Tahoma  Swiss  Regular  Thai  14 x 39  40 %
Tahoma  Swiss  Regular  Turkish  14 x 39  40 %
Tahoma  Swiss  Regular  Vietnamese  14 x 39  40 %
Tahoma  Swiss  Regular  Western  14 x 39  40 %
Terminal  Modern    OEM/DOS  8 x 12  40 %
Times New Roman  Roman  Regular  Arabic  13 x 35  40 %
Times New Roman  Roman  Regular  Baltic  13 x 35  40 %
Times New Roman  Roman  Regular  Central European  13 x 35  40 %
Times New Roman  Roman  Regular  Cyrillic  13 x 35  40 %
Times New Roman  Roman  Regular  Greek  13 x 35  40 %
Times New Roman  Roman  Regular  Hebrew  13 x 35  40 %
Times New Roman  Roman  Regular  Turkish  13 x 35  40 %
Times New Roman  Roman  Regular  Vietnamese  13 x 35  40 %
Times New Roman  Roman  Regular  Western  13 x 35  40 %
Trebuchet MS  Swiss  Regular  Baltic  15 x 37  40 %
Trebuchet MS  Swiss  Regular  Central European  15 x 37  40 %
Trebuchet MS  Swiss  Regular  Cyrillic  15 x 37  40 %
Trebuchet MS  Swiss  Regular  Greek  15 x 37  40 %
Trebuchet MS  Swiss  Regular  Turkish  15 x 37  40 %
Trebuchet MS  Swiss  Regular  Western  15 x 37  40 %
Verdana  Swiss  Regular  Baltic  16 x 39  40 %
Verdana  Swiss  Regular  Central European  16 x 39  40 %
Verdana  Swiss  Regular  Cyrillic  16 x 39  40 %
Verdana  Swiss  Regular  Greek  16 x 39  40 %
Verdana  Swiss  Regular  Turkish  16 x 39  40 %
Verdana  Swiss  Regular  Vietnamese  16 x 39  40 %
Verdana  Swiss  Regular  Western  16 x 39  40 %
Webdings  Roman  Regular  Symbol  31 x 32  40 %
Wingdings  Special  Regular  Symbol  28 x 36  40 %
Yu Gothic Light  Swiss  Regular  Baltic  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Central European  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Cyrillic  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Greek  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Japanese  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Turkish  31 x 41  30 %
Yu Gothic Light  Swiss  Regular  Western  31 x 41  30 %
Yu Gothic Medium  Swiss  Regular  Baltic  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Central European  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Cyrillic  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Greek  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Japanese  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Turkish  31 x 41  50 %
Yu Gothic Medium  Swiss  Regular  Western  31 x 41  50 %
Yu Gothic UI Light  Swiss  Regular  Baltic  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Central European  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Cyrillic  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Greek  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Japanese  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Turkish  17 x 43  30 %
Yu Gothic UI Light  Swiss  Regular  Western  17 x 43  30 %
Yu Gothic UI Semibold  Swiss  Regular  Baltic  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Central European  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Cyrillic  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Greek  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Japanese  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Turkish  19 x 43  60 %
Yu Gothic UI Semibold  Swiss  Regular  Western  19 x 43  60 %
Yu Gothic UI Semilight  Swiss  Regular  Baltic  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Central European  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Cyrillic  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Greek  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Japanese  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Turkish  17 x 43  35 %
Yu Gothic UI Semilight  Swiss  Regular  Western  17 x 43  35 %
Yu Gothic UI  Swiss  Regular  Baltic  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Central European  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Cyrillic  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Greek  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Japanese  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Turkish  17 x 43  40 %
Yu Gothic UI  Swiss  Regular  Western  17 x 43  40 %
Yu Gothic  Swiss  Regular  Baltic  31 x 41  40 %
Yu Gothic  Swiss  Regular  Central European  31 x 41  40 %
Yu Gothic  Swiss  Regular  Cyrillic  31 x 41  40 %
Yu Gothic  Swiss  Regular  Greek  31 x 41  40 %
Yu Gothic  Swiss  Regular  Japanese  31 x 41  40 %
Yu Gothic  Swiss  Regular  Turkish  31 x 41  40 %
Yu Gothic  Swiss  Regular  Western  31 x 41  40 %


Windows Audio

 
Device  Identifier  Device Description
midi-out.0  0001 001B  Microsoft GS Wavetable Synth
mixer.0  0001 0068  Speakers (Intel SST Audio Devic
mixer.1  0001 0068  Microphone (Intel SST Audio Dev
wave-in.0  0001 0065  Microphone (Intel SST Audio Dev
wave-out.0  0001 0064  Speakers (Intel SST Audio Devic


Audio Codecs

 
[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]
 
ACM Driver Properties:
Driver Description  Fraunhofer IIS MPEG Layer-3 Codec (decode only)
Copyright Notice  Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
Driver Features  decoder only version
Driver Version  1.09
 
[ Microsoft ADPCM CODEC ]
 
ACM Driver Properties:
Driver Description  Microsoft ADPCM CODEC
Copyright Notice  Copyright (C) 1992-1996 Microsoft Corporation
Driver Features  Compresses and decompresses Microsoft ADPCM audio data.
Driver Version  4.00
 
[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]
 
ACM Driver Properties:
Driver Description  Microsoft CCITT G.711 A-Law and u-Law CODEC
Copyright Notice  Copyright (c) 1993-1996 Microsoft Corporation
Driver Features  Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
Driver Version  4.00
 
[ Microsoft GSM 6.10 Audio CODEC ]
 
ACM Driver Properties:
Driver Description  Microsoft GSM 6.10 Audio CODEC
Copyright Notice  Copyright (C) 1993-1996 Microsoft Corporation
Driver Features  Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
Driver Version  4.00
 
[ Microsoft IMA ADPCM CODEC ]
 
ACM Driver Properties:
Driver Description  Microsoft IMA ADPCM CODEC
Copyright Notice  Copyright (C) 1992-1996 Microsoft Corporation
Driver Features  Compresses and decompresses IMA ADPCM audio data.
Driver Version  4.00
 
[ Microsoft PCM Converter ]
 
ACM Driver Properties:
Driver Description  Microsoft PCM Converter
Copyright Notice  Copyright (C) 1992-1996 Microsoft Corporation
Driver Features  Converts frequency and bits per sample of PCM audio data.
Driver Version  5.00


Video Codecs

 
Driver  Version  Description
iccvid.dll  1.10.0.11  Cinepak® Codec
iyuv_32.dll  10.0.10240.16384 (th1.150709-1700)  Intel Indeo(R) Video YUV Codec
msrle32.dll  10.0.10240.16384 (th1.150709-1700)  Microsoft RLE Compressor
msvidc32.dll  10.0.10240.16384 (th1.150709-1700)  Microsoft Video 1 Compressor
msyuv.dll  10.0.10240.16384 (th1.150709-1700)  Microsoft UYVY Video Decompressor
tsbyuv.dll  10.0.10240.16384 (th1.150709-1700)  Toshiba Video Codec


MCI

 
[ AVIVideo ]
 
MCI Device Properties:
Device  AVIVideo
Name  Video for Windows
Description  Video For Windows MCI driver
Type  Digital Video Device
Driver  mciavi32.dll
Status  Enabled
 
MCI Device Features:
Compound Device  Yes
File Based Device  Yes
Can Eject  No
Can Play  Yes
Can Play In Reverse  Yes
Can Record  No
Can Save Data  No
Can Freeze Data  No
Can Lock Data  No
Can Stretch Frame  Yes
Can Stretch Input  No
Can Test  Yes
Audio Capable  Yes
Video Capable  Yes
Still Image Capable  No
 
[ CDAudio ]
 
MCI Device Properties:
Device  CDAudio
Description  MCI driver for cdaudio devices
Driver  mcicda.dll
Status  Enabled
 
[ MPEGVideo ]
 
MCI Device Properties:
Device  MPEGVideo
Name  DirectShow
Description  DirectShow MCI Driver
Type  Digital Video Device
Driver  mciqtz32.dll
Status  Enabled
 
MCI Device Features:
Compound Device  Yes
File Based Device  Yes
Can Eject  No
Can Play  Yes
Can Play In Reverse  No
Can Record  No
Can Save Data  No
Can Freeze Data  No
Can Lock Data  No
Can Stretch Frame  Yes
Can Stretch Input  No
Can Test  Yes
Audio Capable  Yes
Video Capable  Yes
Still Image Capable  No
 
[ Sequencer ]
 
MCI Device Properties:
Device  Sequencer
Name  MIDI Sequencer
Description  MCI driver for MIDI sequencer
Type  Sequencer Device
Driver  mciseq.dll
Status  Enabled
 
MCI Device Features:
Compound Device  Yes
File Based Device  Yes
Can Eject  No
Can Play  Yes
Can Record  No
Can Save Data  No
Audio Capable  Yes
Video Capable  No
 
[ WaveAudio ]
 
MCI Device Properties:
Device  WaveAudio
Name  Sound
Description  MCI driver for waveform audio
Type  Waveform Audio Device
Driver  mciwave.dll
Status  Enabled
 
MCI Device Features:
Compound Device  Yes
File Based Device  Yes
Can Eject  No
Can Play  Yes
Can Record  Yes
Can Save Data  Yes
Audio Capable  Yes
Video Capable  No


SAPI

 
SAPI Properties:
SAPI4 Version  -
SAPI5 Version  5.3.18709.0
 
Voice (SAPI5):
Name  Microsoft David Desktop - English (United States)
Voice Path  C:\Windows\Speech\Engines\TTS\en-US\M1033DAV
Age  Adult
Gender  Male
Language  English (United States)
Vendor  Microsoft
Version  11.0
DLL File  C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
CLSID  {C64501F6-E6E6-451f-A150-25D0839BC510}
 
Voice (SAPI5):
Name  Microsoft Zira Desktop - English (United States)
Voice Path  C:\Windows\Speech\Engines\TTS\en-US\M1033ZIR
Age  Adult
Gender  Female
Language  English (United States)
Vendor  Microsoft
Version  11.0
DLL File  C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
CLSID  {C64501F6-E6E6-451f-A150-25D0839BC510}
 
Speech Recognizer (SAPI5):
Name  Microsoft Speech Recognizer 8.0 for Windows (English - US)
Description  Microsoft Speech Recognizer 8.0 for Windows (English - US)
FE Config Data File  C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe
Language  English (United States); English
Speaking Style  Discrete;Continuous
Supported Locales  English (United States); English (Canada); English (Philippines); English
Vendor  Microsoft
Version  8.0
DLL File  C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64)
CLSID  {DAC9F469-0C67-4643-9258-87EC128C5941}
RecoExtension  {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}


Windows Storage

 
[ Samsung CGND3R ]
 
Device Properties:
Driver Description  Samsung CGND3R
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  disk.inf
 
Device Manufacturer:
Company Name  Samsung
Product Information  http://www.samsung.com/us/computer/solid-state-drives
 
[ Microsoft Storage Spaces Controller ]
 
Device Properties:
Driver Description  Microsoft Storage Spaces Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  spaceport.inf
 
[ SD Storage Class Controller ]
 
Device Properties:
Driver Description  SD Storage Class Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  sdstor.inf


Logical Drives

 
Drive  Drive Type  File System  Total Size  Used Space  Free Space  % Free  Volume Serial
C:  Local Disk  NTFS  58862 MB  22035 MB  36827 MB  63 %  A299-DFFF


Physical Drives

 
[ Drive #1 - CGND3R (58 GB) ]
 
Partition  Partition Type  Drive  Start Offset  Partition Length
#1  EFI System    1 MB  260 MB
#2  MS Reserved    261 MB  16 MB
#3  Basic Data  C:  277 MB  58863 MB
#4  MS Recovery    59140 MB  499 MB


Windows Network

 
[ Bluetooth Device (Personal Area Network) ]
 
Network Adapter Properties:
Network Adapter  Bluetooth Device (Personal Area Network)
Interface Type  Bluetooth Ethernet
Hardware Address  04-E6-76-43-62-CF
Connection Name  Bluetooth Network Connection
Connection Speed  3 Mbps
MTU  1500 bytes
Bytes Received  0
Bytes Sent  0
 
[ Broadcom 802.11abgn Wireless SDIO Adapter ]
 
Network Adapter Properties:
Network Adapter  Broadcom 802.11abgn Wireless SDIO Adapter
Interface Type  802.11 Wireless Ethernet
Hardware Address  04-E6-76-43-62-CE
Connection Name  Wi-Fi
Connection Speed  150 Mbps
MTU  1500 bytes
DHCP Lease Obtained  27/08/2015 16:43:45
DHCP Lease Expires  28/08/2015 16:43:45
Bytes Received  2109418234 (2011.7 MB)
Bytes Sent  45973586 (43.8 MB)
 
Network Adapter Addresses:
IP / Subnet Mask  192.168.1.112 / 255.255.255.0
Gateway  192.168.1.1
DHCP  192.168.1.1
DNS  192.168.1.1
 
Network Adapter Manufacturer:
Company Name  Broadcom Corporation
Product Information  http://www.broadcom.com/products
Driver Download  http://www.broadcom.com/support/?gid=9
Driver Update  http://www.aida64.com/driver-updates
 
[ Microsoft Wi-Fi Direct Virtual Adapter ]
 
Network Adapter Properties:
Network Adapter  Microsoft Wi-Fi Direct Virtual Adapter
Interface Type  802.11 Wireless Ethernet
Hardware Address  06-E6-76-43-62-CE
Connection Name  Local Area Connection* 2
MTU  1500 bytes
Bytes Received  0
Bytes Sent  0


Internet

 
Internet Settings:
Start Page  about:Tabs
Search Page  http://go.microsoft.com/fwlink/?LinkId=54896
Local Page  %11%\blank.htm
Download Folder  
 
Current Proxy:
Proxy Status  Disabled
 
LAN Proxy:
Proxy Status  Disabled


Routes

 
Type  Net Destination  Netmask  Gateway  Metric  Interface
Active  0.0.0.0  0.0.0.0  192.168.1.1  25  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active  127.0.0.0  255.0.0.0  127.0.0.1  306  127.0.0.1 (Software Loopback Interface 1)
Active  127.0.0.1  255.255.255.255  127.0.0.1  306  127.0.0.1 (Software Loopback Interface 1)
Active  127.255.255.255  255.255.255.255  127.0.0.1  306  127.0.0.1 (Software Loopback Interface 1)
Active  192.168.1.0  255.255.255.0  192.168.1.112  281  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active  192.168.1.112  255.255.255.255  192.168.1.112  281  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active  192.168.1.255  255.255.255.255  192.168.1.112  281  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active  224.0.0.0  240.0.0.0  127.0.0.1  306  127.0.0.1 (Software Loopback Interface 1)
Active  224.0.0.0  240.0.0.0  192.168.1.112  281  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active  255.255.255.255  255.255.255.255  127.0.0.1  306  127.0.0.1 (Software Loopback Interface 1)
Active  255.255.255.255  255.255.255.255  192.168.1.112  281  192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)


IE Cookie

 
Last Access  URL
2015-08-27 16:43:34  galff@g.live.com/
2015-08-27 16:43:55  galff@login.live.com/
2015-08-27 16:43:59  galff@live.com/


Browser History

 
Last Access  URL
2015-08-20 20:18:32  galff@https://green.erne.co/tags?id1=cm_tc_195430B255D60BE971F81E9C6F9E1E02&id2=cm_uid_298049953804454889&ncm=1&cid=c400d45a
2015-08-20 20:18:32  galff@https://pix.tagcdn.com/cm/c400d45a
2015-08-20 20:54:04  galff@https://p4-ctdzib5cod32c-lcohvigbcihq2nhb-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
2015-08-20 20:54:04  galff@https://p4-ctdzib5cod32c-lcohvigbcihq2nhb-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
2015-08-21 00:49:49  galff@https://huomdgde.hit.gemius.pl/gdejs/xgde.html
2015-08-22 11:40:00  galff@https://vine.co/v/eDpBrmgQXxw
2015-08-22 16:50:49  galff@https://green.erne.co/tags?id1=cm_tc_195430B255D87E3A71FA1E9893367C02&id2=cm_uid_298326098726911546&ncm=1&cid=d9b700c1
2015-08-22 16:50:49  galff@https://pix.tagcdn.com/cm/d9b700c1
2015-08-22 20:09:23  galff@https://apps.skype.com/chatadwidget/?containerType=NR
2015-08-22 20:09:26  galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=37778bd6-65e6-49ad-93ca-484ac0865c4e
2015-08-22 21:11:56  galff@https://tap-secure.rubiconproject.com/partner/scripts/rubicon/emily.html?pc=11742/55632&geo=eu&co=hu
2015-08-22 21:11:56  galff@https://tap-secure.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=11742/55632&geo=eu&co=hu
2015-08-22 23:03:13  galff@https://apps.skype.com/incalladwidget/
2015-08-22 23:03:15  galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=7ccf551d-173c-4727-9de8-5e70e2001889
2015-08-22 23:03:15  galff@https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
2015-08-22 23:03:15  galff@https://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html?n=2
2015-08-22 23:03:15  galff@https://www.google.com/pagead/drt/ui
2015-08-23 01:12:25  galff@https://pix.tagcdn.com/cm/b31b41f5
2015-08-23 01:12:26  galff@https://green.erne.co/tags?id1=cm_tc_195430B255D8F3CA71F81E9995403202&id2=cm_uid_298034451120190410&ncm=1&cid=b31b41f5
2015-08-23 18:45:55  galff@http://support.amd.com/en-us/download/ccc
2015-08-23 18:45:55  galff@http://support.amd.com/en-us/download/ccc?lang=us
2015-08-23 18:45:55  galff@http://support.amd.com/us/ccc/Pages/index.aspx
2015-08-24 11:31:31  galff@https://apps.skype.com/adcontrol/prelogic.html
2015-08-24 11:31:36  galff@https://apps.skype.com/home/?uiversion=7.8.0.102&language=hu
2015-08-24 11:31:41  galff@https://apps.skype.com/home/index.html
2015-08-24 11:31:41  galff@https://m.hotmail.com/
2015-08-24 11:31:41  galff@https://s-static.ak.facebook.com/connect/xd_arbiter/PqAPbTuc2cR.js?version=41
2015-08-24 11:31:43  galff@http://pbid.fxdepo.com/engine?site=139812;size=300x250;linktarget=_blank;rnd=(randomNumber)
2015-08-24 11:31:44  galff@https://ls.hit.gemius.pl/lsset.html
2015-08-24 11:32:03  galff@https://apps.skype.com/shared/adexpert/frame-hider.html
2015-08-24 11:32:03  galff@https://static.skypeassets.com/adserver/AdLoader.html?version=1.66.17
2015-08-24 11:32:05  galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=cd2e0a1f-d251-46d3-8cc6-5aa22bd23662
2015-08-24 11:32:05  galff@https://ls.hit.gemius.pl/lsget.html
2015-08-27 16:43:57  galff@https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srf
2015-08-27 16:43:58  galff@https://login.live.com/oauth20_desktop.srf?lc=2057
2015-08-27 16:44:00  galff@https://login.live.com/oauth20_desktop.srf?lc=1033
2015-08-27 16:53:07  galff@ms-settings:powersleep
2015-08-27 17:10:57  galff@file:///C:/Users/galff/OneDrive/t100.txt
2015-08-27 17:11:42  galff@file:///C:/Users/galff/Downloads
2015-08-27 17:19:15  galff@file:///C:/Users/galff/AppData/Local/Temp/rpt-1.htm


DirectX Files

 
Name  Version  Type  Language  Size  Date
amstream.dll  6.02.10240.16384  Final Retail  English  82944  10/07/2015 14:00:28
bdaplgin.ax  6.02.10240.16384  Final Retail  English  78336  10/07/2015 14:01:12
d2d1.dll  6.02.10240.16384  Final Retail  English  4737024  10/07/2015 14:00:30
d3d10.dll  6.02.10240.16384  Final Retail  English  1060352  10/07/2015 14:00:36
d3d10_1.dll  6.02.10240.16384  Final Retail  English  157696  10/07/2015 14:00:36
d3d10_1core.dll  6.02.10240.16384  Final Retail  English  356352  10/07/2015 14:00:36
d3d10core.dll  6.02.10240.16384  Final Retail  English  320000  10/07/2015 14:00:36
d3d10level9.dll  6.02.10240.16384  Final Retail  English  501992  10/07/2015 14:00:30
d3d10warp.dll  6.02.10240.16384  Final Retail  English  2187960  10/07/2015 14:00:36
d3d11.dll  6.02.10240.16384  Final Retail  English  2158960  10/07/2015 14:00:30
d3d12.dll  6.02.10240.16384  Final Retail  English  632832  10/07/2015 14:00:30
d3d8.dll  6.02.10240.16384  Final Retail  English  1074176  10/07/2015 14:00:34
d3d8thk.dll  6.02.10240.16384  Final Retail  English  12800  10/07/2015 14:00:34
d3d9.dll  6.02.10240.16412  Final Retail  English  1867160  30/07/2015 07:26:17
d3dim.dll  6.02.10240.16384  Final Retail  English  402432  10/07/2015 14:00:34
d3dim700.dll  6.02.10240.16384  Final Retail  English  889856  10/07/2015 14:00:34
d3dramp.dll  6.02.10240.16384  Final Retail  English  595456  10/07/2015 14:00:34
d3dxof.dll  6.02.10240.16384  Final Retail  English  58880  10/07/2015 14:00:34
ddraw.dll  6.02.10240.16384  Final Retail  English  536064  10/07/2015 14:00:34
ddrawex.dll  6.02.10240.16384  Final Retail  English  39936  10/07/2015 14:00:34
devenum.dll  6.02.10240.16384  Final Retail  English  82104  10/07/2015 14:00:28
dinput.dll  6.02.10240.16384  Final Retail  English  136192  10/07/2015 14:00:31
dinput8.dll  6.02.10240.16384  Final Retail  English  172032  10/07/2015 14:00:31
dmband.dll  6.02.10240.16384  Final Retail  English  35328  10/07/2015 14:00:23
dmcompos.dll  6.02.10240.16384  Final Retail  English  75776  10/07/2015 14:00:23
dmime.dll  6.02.10240.16384  Final Retail  English  206848  10/07/2015 14:00:23
dmloader.dll  6.02.10240.16384  Final Retail  English  43008  10/07/2015 14:00:23
dmscript.dll  6.02.10240.16384  Final Retail  English  96256  10/07/2015 14:00:23
dmstyle.dll  6.02.10240.16384  Final Retail  English  121856  10/07/2015 14:00:23
dmsynth.dll  6.02.10240.16384  Final Retail  English  114688  10/07/2015 14:00:23
dmusic.dll  6.02.10240.16384  Final Retail  English  113664  10/07/2015 14:00:23
dplaysvr.exe  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dplayx.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpmodemx.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnaddr.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnathlp.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:32
dpnet.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnhpast.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnhupnp.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnlobby.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpnsvr.exe  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dpwsockx.dll  10.00.10240.16384  Final Retail  English  8192  10/07/2015 14:00:31
dsdmo.dll  6.02.10240.16384  Final Retail  English  186880  10/07/2015 14:00:28
dsound.dll  6.02.10240.16384  Final Retail  English  527360  10/07/2015 14:00:28
dswave.dll  6.02.10240.16384  Final Retail  English  24064  10/07/2015 14:00:23
dwrite.dll  6.02.10240.16430  Final Retail  English  1985024  08/08/2015 09:00:46
dxdiagn.dll  6.02.10240.16384  Final Retail  English  272896  10/07/2015 14:00:34
dxgi.dll  6.02.10240.16412  Final Retail  English  507696  30/07/2015 07:22:32
dxmasf.dll  12.00.10240.16384  Final Retail  English  4608  10/07/2015 14:01:37
dxtmsft.dll  11.00.10240.16384  Final Retail  English  400896  10/07/2015 14:01:20
dxtrans.dll  11.00.10240.16384  Final Retail  English  252928  10/07/2015 14:01:20
dxva2.dll  6.02.10240.16384  Final Retail  English  113112  10/07/2015 14:00:30
encapi.dll  6.02.10240.16384  Final Retail  English  22016  10/07/2015 14:00:28
gcdef.dll  6.02.10240.16384  Final Retail  English  123904  10/07/2015 14:00:31
iac25_32.ax  2.00.0005.0053  Final Retail  English  197632  10/07/2015 14:00:23
ir41_32.ax  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ir41_qc.dll  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ir41_qcx.dll  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ir50_32.dll  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ir50_qc.dll  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ir50_qcx.dll  6.02.10240.16384  Final Retail  English  9216  10/07/2015 14:00:23
ivfsrc.ax  5.10.0002.0051  Final Retail  English  146944  10/07/2015 14:00:23
joy.cpl  6.02.10240.16384  Final Retail  English  137216  10/07/2015 14:00:31
ksproxy.ax  6.02.10240.16384  Final Retail  English  235008  10/07/2015 14:00:28
kstvtune.ax  6.02.10240.16384  Final Retail  English  93696  10/07/2015 14:01:12
ksuser.dll  6.02.10240.16384  Final Retail  English  19136  10/07/2015 14:00:28
kswdmcap.ax  6.02.10240.16384  Final Retail  English  118784  10/07/2015 14:00:28
ksxbar.ax  6.02.10240.16384  Final Retail  English  57856  10/07/2015 14:01:12
mciqtz32.dll  6.02.10240.16384  Final Retail  English  39936  10/07/2015 14:00:28
mfc40.dll  4.01.0000.6140  Final Retail  English  924944  10/07/2015 14:00:27
mfc42.dll  6.06.8063.0000  Beta Retail  English  1206784  10/07/2015 14:00:27
mpeg2data.ax  6.02.10240.16384  Final Retail  English  82944  10/07/2015 14:01:12
mpg2splt.ax  6.02.10240.16384  Final Retail  English  221696  10/07/2015 14:00:31
msdmo.dll  6.02.10240.16384  Final Retail  English  28424  10/07/2015 14:00:28
msdvbnp.ax  6.02.10240.16384  Final Retail  English  72192  10/07/2015 14:01:12
msvidctl.dll  6.05.10240.16384  Final Retail  English  2362368  10/07/2015 14:01:12
msyuv.dll  6.02.10240.16384  Final Retail  English  23552  10/07/2015 14:00:28
pid.dll  6.02.10240.16384  Final Retail  English  37888  10/07/2015 14:00:31
psisdecd.dll  6.02.10240.16384  Final Retail  English  499200  10/07/2015 14:01:12
psisrndr.ax  6.02.10240.16384  Final Retail  English  87552  10/07/2015 14:01:12
qasf.dll  12.00.10240.16384  Final Retail  English  236544  10/07/2015 14:00:31
qcap.dll  6.02.10240.16384  Final Retail  English  218624  10/07/2015 14:00:28
qdv.dll  6.02.10240.16384  Final Retail  English  296960  10/07/2015 14:00:28
qdvd.dll  6.02.10240.16384  Final Retail  English  563200  10/07/2015 14:00:28
qedit.dll  6.02.10240.16384  Final Retail  English  573440  10/07/2015 14:01:12
qedwipes.dll  6.02.10240.16384  Final Retail  English  734208  10/07/2015 14:01:12
quartz.dll  6.02.10240.16384  Final Retail  English  1541632  10/07/2015 14:00:28
vbisurf.ax  6.02.10240.16384  Final Retail  English  40960  10/07/2015 14:01:12
vfwwdm32.dll  6.02.10240.16384  Final Retail  English  58880  10/07/2015 14:00:28
wsock32.dll  6.02.10240.16384  Final Retail  English  16384  10/07/2015 14:00:32


DirectX Video

 
[ Primary Display Driver ]
 
DirectDraw Device Properties:
DirectDraw Driver Name  display
DirectDraw Driver Description  Primary Display Driver
Hardware Driver  igdumdim32.dll (10.18.15.4256)
Hardware Description  Intel(R) HD Graphics
 
Direct3D Device Properties:
Rendering Bit Depths  8, 16, 32
Z-Buffer Bit Depths  16, 24, 32
Multisample Anti-Aliasing Modes  MSAA 2x, MSAA 4x, MSAA 8x
Min Texture Size  1 x 1
Max Texture Size  8192 x 8192
Unified Shader Version  5.1
DirectX Hardware Support  DirectX v11.1
 
Direct3D Device Features:
Additive Texture Blending  Supported
AGP Texturing  Not Supported
Anisotropic Filtering  Supported
Automatic Mipmap Generation  Supported
Bilinear Filtering  Supported
Compute Shader  Supported
Cubic Environment Mapping  Supported
Cubic Filtering  Not Supported
Decal-Alpha Texture Blending  Supported
Decal Texture Blending  Supported
Directional Lights  Supported
DirectX Texture Compression  Not Supported
DirectX Volumetric Texture Compression  Not Supported
Dithering  Supported
Dot3 Texture Blending  Supported
Double-Precision Floating-Point  Supported
Driver Concurrent Creates  Supported
Driver Command Lists  Not Supported
Dynamic Textures  Supported
Edge Anti-Aliasing  Not Supported
Environmental Bump Mapping  Supported
Environmental Bump Mapping + Luminance  Supported
Factor Alpha Blending  Supported
Geometric Hidden-Surface Removal  Not Supported
Geometry Shader  Supported
Guard Band  Supported
Hardware Scene Rasterization  Supported
Hardware Transform & Lighting  Supported
Legacy Depth Bias  Supported
Map On Default Buffers  Supported
Mipmap LOD Bias Adjustments  Supported
Mipmapped Cube Textures  Supported
Mipmapped Volume Textures  Supported
Modulate-Alpha Texture Blending  Supported
Modulate Texture Blending  Supported
Non-Square Textures  Supported
N-Patches  Not Supported
Perspective Texture Correction  Supported
Point Lights  Supported
Point Sampling  Supported
Projective Textures  Supported
Quintic Bezier Curves & B-Splines  Not Supported
Range-Based Fog  Supported
Rectangular & Triangular Patches  Not Supported
Rendering In Windowed Mode  Supported
Runtime Shader Linking  Supported
Scissor Test  Supported
Slope-Scale Based Depth Bias  Supported
Specular Flat Shading  Supported
Specular Gouraud Shading  Supported
Specular Phong Shading  Not Supported
Spherical Mapping  Supported
Spot Lights  Supported
Stencil Buffers  Supported
Sub-Pixel Accuracy  Supported
Subtractive Texture Blending  Supported
Table Fog  Supported
Texture Alpha Blending  Supported
Texture Clamping  Supported
Texture Mirroring  Supported
Texture Transparency  Supported
Texture Wrapping  Supported
Tiled Resources  Not Supported
Triangle Culling  Not Supported
Trilinear Filtering  Supported
Two-Sided Stencil Test  Supported
Vertex Alpha Blending  Supported
Vertex Fog  Supported
Vertex Tweening  Supported
Volume Textures  Supported
W-Based Fog  Supported
W-Buffering  Not Supported
Z-Based Fog  Supported
Z-Bias  Supported
Z-Test  Supported
 
Supported FourCC Codes:
AI44  Supported
AYUV  Supported
I420  Supported
IA44  Supported
IMC1  Supported
IMC2  Supported
IMC3  Supported
IMC4  Supported
IYUV  Supported
NV11  Supported
NV12  Supported
P010  Supported
P016  Supported
P208  Supported
UYVY  Supported
VYUY  Supported
YUY2  Supported
YV12  Supported
YVU9  Supported
YVYU  Supported
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates


DirectX Sound

 
[ Primary Sound Driver ]
 
DirectSound Device Properties:
Device Description  Primary Sound Driver
Driver Module  
Primary Buffers  1
Min / Max Secondary Buffers Sample Rate  100 / 200000 Hz
Primary Buffers Sound Formats  8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats  8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers  1 / 0
Total / Free Static Sound Buffers  1 / 0
Total / Free Streaming Sound Buffers  1 / 0
Total / Free 3D Sound Buffers  0 / 0
Total / Free 3D Static Sound Buffers  0 / 0
Total / Free 3D Streaming Sound Buffers  0 / 0
 
DirectSound Device Features:
Certified Driver  No
Emulated Device  No
Precise Sample Rate  Supported
DirectSound3D  Not Supported
Creative EAX 1.0  Not Supported
Creative EAX 2.0  Not Supported
Creative EAX 3.0  Not Supported
Creative EAX 4.0  Not Supported
Creative EAX 5.0  Not Supported
I3DL2  Not Supported
Sensaura ZoomFX  Not Supported
 
[ Speakers (Intel SST Audio Device (WDM)) ]
 
DirectSound Device Properties:
Device Description  Speakers (Intel SST Audio Device (WDM))
Driver Module  {0.0.0.00000000}.{f27245b5-275c-4919-9d37-093b4165f65b}
Primary Buffers  1
Min / Max Secondary Buffers Sample Rate  100 / 200000 Hz
Primary Buffers Sound Formats  8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats  8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers  1 / 0
Total / Free Static Sound Buffers  1 / 0
Total / Free Streaming Sound Buffers  1 / 0
Total / Free 3D Sound Buffers  0 / 0
Total / Free 3D Static Sound Buffers  0 / 0
Total / Free 3D Streaming Sound Buffers  0 / 0
 
DirectSound Device Features:
Certified Driver  No
Emulated Device  No
Precise Sample Rate  Supported
DirectSound3D  Not Supported
Creative EAX 1.0  Not Supported
Creative EAX 2.0  Not Supported
Creative EAX 3.0  Not Supported
Creative EAX 4.0  Not Supported
Creative EAX 5.0  Not Supported
I3DL2  Not Supported
Sensaura ZoomFX  Not Supported


Windows Devices

 
[ Devices ]
 
Audio inputs and outputs:
Microphone (Intel SST Audio Device (WDM))  10.0.10240.16384
Speakers (Intel SST Audio Device (WDM))  10.0.10240.16384
 
Batteries:
Microsoft AC Adapter  10.0.10240.16384
Microsoft ACPI-Compliant Control Method Battery  10.0.10240.16384
 
Bluetooth:
Bluetooth Radio  10.0.10240.16391
Microsoft Bluetooth Enumerator  10.0.10240.16391
Microsoft Bluetooth LE Enumerator  10.0.10240.16384
 
Computer:
ACPI x64-based PC  10.0.10240.16384
Intel(R) Serial IO DMA Controller  10.0.10240.16384
Intel(R) Serial IO DMA Controller  10.0.10240.16384
 
Disk drives:
Samsung CGND3R  10.0.10240.16384
 
Display adapters:
Intel(R) HD Graphics  10.18.15.4256
 
Firmware:
System Firmware  10.0.10240.16384
 
Human Interface Devices:
Converted Portable Device Control device  10.0.10240.16384
GPIO Laptop or Slate Indicator Driver  10.0.10240.16425
HID Button over Interrupt Driver  10.0.10240.16384
HID PCI Minidriver for ISS  2.0.0.3012
HID PCI Minidriver for ISS  2.0.0.3012
HID PCI Minidriver for ISS  2.0.0.3012
HID PCI Minidriver for ISS  2.0.0.3012
HID PCI Minidriver for ISS  2.0.0.3012
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant consumer control device  10.0.10240.16384
HID-compliant device  10.0.10240.16384
HID-compliant system controller  10.0.10240.16384
HID-compliant system controller  10.0.10240.16384
HID-compliant system controller  10.0.10240.16384
HID-compliant system controller  10.0.10240.16384
HID-compliant system controller  10.0.10240.16384
HID-compliant touch screen  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant vendor-defined device  10.0.10240.16384
HID-compliant wireless radio controls  10.0.10240.16384
I2C HID Device  10.0.10240.16384
Intel(R) HID Event Filter  604.10146.2708.64268
Portable Device Control device  10.0.10240.16384
USB Input Device  10.0.10240.16384
USB Input Device  10.0.10240.16384
USB Input Device  10.0.10240.16384
USB Input Device  10.0.10240.16384
 
Imaging devices:
Intel(R) AVStream Camera  21.10154.5886.364
 
Keyboards:
HID Keyboard Device  10.0.10240.16384
HID Keyboard Device  10.0.10240.16384
HID Keyboard Device  10.0.10240.16384
 
Mice and other pointing devices:
ASUS Touchpad  8.1.0.16
HID-compliant mouse  10.0.10240.16384
 
Monitors:
Generic PnP Monitor  10.0.10240.16384
 
Network adapters:
Bluetooth Device (Personal Area Network)  10.0.10240.16384
Bluetooth Device (RFCOMM Protocol TDI)  10.0.10240.16384
Broadcom 802.11abgn Wireless SDIO Adapter  5.93.103.20
Microsoft ISATAP Adapter  10.0.10240.16384
Microsoft Kernel Debug Network Adapter  10.0.10240.16384
Microsoft Teredo Tunneling Adapter  10.0.10240.16384
Microsoft Wi-Fi Direct Virtual Adapter  10.0.10240.16384
 
Ports (COM & LPT):
Communications Port (COM1)  10.0.10240.16384
 
Print queues:
Fax  10.0.10240.16384
Microsoft Print to PDF  10.0.10240.16384
Microsoft XPS Document Writer  10.0.10240.16384
Root Print Queue  10.0.10240.16384
 
Processors:
Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz  10.0.10240.16384
Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz  10.0.10240.16384
Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz  10.0.10240.16384
Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz  10.0.10240.16384
 
SD host adapters:
Intel SD Host Controller  10.0.10240.16384
Intel SD Host Controller  10.0.10240.16384
Intel SD Host Controller  10.0.10240.16384
 
Security devices:
Trusted Platform Module 2.0  10.0.10240.16384
 
Sensors:
HID Advanced Sensor Collection V2  2.0.0.3012
HID Advanced Sensor Collection  2.0.0.3012
HID Sensor Collection V2  10.0.10240.16412
HID Sensor Collection V2  10.0.10240.16412
HID Sensor Collection V2  10.0.10240.16412
 
Software devices:
Bluetooth  10.0.10240.16384
Lightweight Sensors Root Enumerator  10.0.10240.16384
Microsoft Device Association Root Enumerator  10.0.10240.16384
Microsoft GS Wavetable Synth  10.0.10240.16384
Microsoft IPv4 IPv6 Transition Adapter Bus  10.0.10240.16384
Microsoft Passport Container Enumeration Bus  10.0.10240.16384
Microsoft Radio Device Enumeration Bus  10.0.10240.16384
Smart Card Device Enumeration Bus  10.0.10240.16384
Wi-Fi  10.0.10240.16384
 
Sound, video and game controllers:
Intel SST Audio Device (WDM)  604.10135.6766.2749
Realtek I2S Audio Codec  6.4.10147.4290
 
Storage controllers:
Microsoft Storage Spaces Controller  10.0.10240.16384
SD Storage Class Controller  10.0.10240.16384
 
Storage volumes:
Generic volume  10.0.10240.16384
Generic volume  10.0.10240.16384
Generic volume  10.0.10240.16384
Generic volume  10.0.10240.16384
 
System devices:
ACPI Fixed Feature Button  10.0.10240.16384
ACPI Lid  10.0.10240.16384
ACPI Power Button  10.0.10240.16384
ACPI Processor Aggregator  10.0.10240.16384
ACPI Sleep Button  10.0.10240.16384
ACPI Thermal Zone  10.0.10240.16384
bcmfn2 Device  5.93.103.20
bcmfn2 Device  5.93.103.20
Broadcom Serial Bus Driver over UART Bus Enumerator  12.0.1.695
Camera Sensor ov5670  21.10130.350.8554
Camera Sensor Unicam hm2051  1.0.10.1
Composite Bus Enumerator  10.0.10240.16384
High precision event timer  10.0.10240.16384
Intel Serial IO GPIO Controller  604.10146.2652.361
Intel Serial IO GPIO Controller  604.10146.2652.361
Intel Serial IO GPIO Controller  604.10146.2652.361
Intel Serial IO GPIO Controller  604.10146.2652.361
Intel Serial IO GPIO Controller  604.10146.2652.361
Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver  604.10146.2651.1559
Intel(R) Dynamic Platform & Thermal Framework Driver  604.10146.2651.1559
Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver  604.10146.2651.1559
Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver  604.10146.2651.1559
Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver  604.10146.2651.1559
Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver  604.10146.2651.1559
Intel(R) Imaging Signal Processor 2401  21.10154.5886.364
Intel(R) Integrated Sensor Solution  2.0.0.3012
Intel(R) Power Engine Plug-in  10.0.10240.16384
Intel(R) Power Management IC Device  604.10146.2656.541
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO I2C ES Controller  604.10146.2654.2819
Intel(R) Serial IO SPI Controller  604.10146.2657.947
Intel(R) Serial IO SPI Controller  604.10146.2657.947
Intel(R) Serial IO SPI Controller  604.10146.2657.947
Intel(R) Serial IO UART Controller  604.10146.2653.391
Intel(R) Serial IO UART Controller  604.10146.2653.391
Intel(R) Sideband Fabric Device  604.10146.2655.573
Intel(R) Trusted Execution Engine Interface  2.0.0.1067
ISS Dynamic Bus Enumerator  2.0.0.3012
Legacy device  10.0.10240.16384
Microsoft ACPI-Compliant System  10.0.10240.16397
Microsoft Basic Display Driver  10.0.10240.16384
Microsoft Basic Render Driver  10.0.10240.16384
Microsoft System Management BIOS Driver  10.0.10240.16384
Microsoft UEFI-Compliant System  10.0.10240.16384
Microsoft Virtual Drive Enumerator  10.0.10240.16384
Microsoft Windows Management Interface for ACPI  10.0.10240.16384
Motherboard resources  10.0.10240.16384
Motherboard resources  10.0.10240.16384
Motherboard resources  10.0.10240.16384
Motherboard resources  10.0.10240.16384
NDIS Virtual Network Adapter Enumerator  10.0.10240.16384
PCI Express Root Complex  10.0.10240.16390
PCI standard host CPU bridge  10.0.10240.16384
PCI standard ISA bridge  10.0.10240.16384
Plug and Play Software Device Enumerator  10.0.10240.16384
Programmable interrupt controller  10.0.10240.16384
Remote Desktop Device Redirector Bus  10.0.10240.16384
System CMOS/real time clock  10.0.10240.16384
System timer  10.0.10240.16384
UMBus Root Bus Enumerator  10.0.10240.16384
Volume Manager  10.0.10240.16384
 
Universal Serial Bus controllers:
Generic USB Hub  10.0.10240.16425
Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)  10.0.10240.16384
USB Composite Device  10.0.10240.16384
USB Root Hub (xHCI)  10.0.10240.16425
 
Unknown:
Unknown  
 
[ Audio inputs and outputs / Microphone (Intel SST Audio Device (WDM)) ]
 
Device Properties:
Driver Description  Microphone (Intel SST Audio Device (WDM))
Driver Date  09/07/2015
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  audioendpoint.inf
Hardware ID  MMDEVAPI\AudioEndpoints
 
[ Audio inputs and outputs / Speakers (Intel SST Audio Device (WDM)) ]
 
Device Properties:
Driver Description  Speakers (Intel SST Audio Device (WDM))
Driver Date  09/07/2015
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  audioendpoint.inf
Hardware ID  MMDEVAPI\AudioEndpoints
 
[ Batteries / Microsoft AC Adapter ]
 
Device Properties:
Driver Description  Microsoft AC Adapter
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cmbatt.inf
Hardware ID  ACPI\VEN_ACPI&DEV_0003
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Batteries / Microsoft ACPI-Compliant Control Method Battery ]
 
Device Properties:
Driver Description  Microsoft ACPI-Compliant Control Method Battery
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cmbatt.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C0A
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Bluetooth / Bluetooth Radio ]
 
Device Properties:
Driver Description  Bluetooth Radio
Driver Date  21/06/2006
Driver Version  10.0.10240.16391
Driver Provider  Microsoft
INF File  bth.inf
Hardware ID  BCMBTBUS\BLUETOOTH
Location Information  Serial HCI Bus - Bluetooth Function
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Bluetooth / Microsoft Bluetooth Enumerator ]
 
Device Properties:
Driver Description  Microsoft Bluetooth Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16391
Driver Provider  Microsoft
INF File  bth.inf
Hardware ID  BTH\MS_BTHBRB
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Bluetooth / Microsoft Bluetooth LE Enumerator ]
 
Device Properties:
Driver Description  Microsoft Bluetooth LE Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  bthleenum.inf
Hardware ID  BTH\MS_BTHLE
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Computer / ACPI x64-based PC ]
 
Device Properties:
Driver Description  ACPI x64-based PC
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hal.inf
Hardware ID  acpiapic
 
[ Computer / Intel(R) Serial IO DMA Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO DMA Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  halextintclpiodma.inf
Hardware ID  ACPI\VEN_INTL&DEV_9C60
 
[ Computer / Intel(R) Serial IO DMA Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO DMA Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  halextintclpiodma.inf
Hardware ID  ACPI\VEN_INTL&DEV_9C60
 
[ Disk drives / Samsung CGND3R ]
 
Device Properties:
Driver Description  Samsung CGND3R
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  disk.inf
Hardware ID  SD\GenDisk
Location Information  Bus Number 1, Target Id 2, LUN 0
 
Device Manufacturer:
Company Name  Samsung
Product Information  http://www.samsung.com/us/computer/solid-state-drives
Driver Update  http://www.aida64.com/driver-updates
 
[ Display adapters / Intel(R) HD Graphics ]
 
Device Properties:
Driver Description  Intel(R) HD Graphics
Driver Date  17/07/2015
Driver Version  10.18.15.4256
Driver Provider  Intel Corporation
INF File  oem30.inf
Hardware ID  PCI\VEN_8086&DEV_22B0&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 2, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
 
Device Resources:
IRQ  65536
Memory  80000000-8FFFFFFF
Memory  90000000-90FFFFFF
Port  F000-F03F
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ Firmware / System Firmware ]
 
Device Properties:
Driver Description  System Firmware
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_firmware.inf
Hardware ID  UEFI\RES_{7039436b-6acf-433b-86a1-368ec2ef7e1f}&REV_204
 
[ Human Interface Devices / Converted Portable Device Control device ]
 
Device Properties:
Driver Description  Converted Portable Device Control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  buttonconverter.inf
Hardware ID  ButtonConverter\ConvertedDevice
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / GPIO Laptop or Slate Indicator Driver ]
 
Device Properties:
Driver Description  GPIO Laptop or Slate Indicator Driver
Driver Date  21/06/2006
Driver Version  10.0.10240.16425
Driver Provider  Microsoft
INF File  msgpiowin32.inf
Hardware ID  ACPI\VEN_INT&DEV_33D3
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID Button over Interrupt Driver ]
 
Device Properties:
Driver Description  HID Button over Interrupt Driver
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidinterrupt.inf
Hardware ID  ACPI\VEN_ACPI&DEV_0011
 
Device Resources:
IRQ  1031
IRQ  1032
IRQ  1033
IRQ  1034
IRQ  1035
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID PCI Minidriver for ISS ]
 
Device Properties:
Driver Description  HID PCI Minidriver for ISS
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Vendor Name
INF File  oem3.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
Location Information  ISH Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID PCI Minidriver for ISS ]
 
Device Properties:
Driver Description  HID PCI Minidriver for ISS
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Vendor Name
INF File  oem3.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
Location Information  ISH Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID PCI Minidriver for ISS ]
 
Device Properties:
Driver Description  HID PCI Minidriver for ISS
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Vendor Name
INF File  oem3.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
Location Information  ISH Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID PCI Minidriver for ISS ]
 
Device Properties:
Driver Description  HID PCI Minidriver for ISS
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Vendor Name
INF File  oem3.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0002
Location Information  ISH Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID PCI Minidriver for ISS ]
 
Device Properties:
Driver Description  HID PCI Minidriver for ISS
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Vendor Name
INF File  oem3.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_8002
Location Information  ISH Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_01&Col02
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col06
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col07
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col08
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col09
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col0A
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col0B
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col0C
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col0D
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\INTC816&Col0E
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant consumer control device ]
 
Device Properties:
Driver Description  HID-compliant consumer control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidserv.inf
Hardware ID  HID\ConvertedDevice&Col02
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant device ]
 
Device Properties:
Driver Description  HID-compliant device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_01&Col03
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant system controller ]
 
Device Properties:
Driver Description  HID-compliant system controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_01&Col04
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant system controller ]
 
Device Properties:
Driver Description  HID-compliant system controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col03
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant system controller ]
 
Device Properties:
Driver Description  HID-compliant system controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col04
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant system controller ]
 
Device Properties:
Driver Description  HID-compliant system controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col05
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant system controller ]
 
Device Properties:
Driver Description  HID-compliant system controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\ConvertedDevice&Col03
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant touch screen ]
 
Device Properties:
Driver Description  HID-compliant touch screen
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VEN_SIS&DEV_0457&Col01
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_01&Col01
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_02&Col02
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col0F
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col10
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col11
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant vendor-defined device ]
 
Device Properties:
Driver Description  HID-compliant vendor-defined device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\VEN_SIS&DEV_0457&Col02
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / HID-compliant wireless radio controls ]
 
Device Properties:
Driver Description  HID-compliant wireless radio controls
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  HID\INTC816&Col02
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / I2C HID Device ]
 
Device Properties:
Driver Description  I2C HID Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  hidi2c.inf
Hardware ID  ACPI\VEN_SIS&DEV_0457
 
Device Resources:
IRQ  1039
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / Intel(R) HID Event Filter ]
 
Device Properties:
Driver Description  Intel(R) HID Event Filter
Driver Date  25/04/2015
Driver Version  604.10146.2708.64268
Driver Provider  Intel(R)
INF File  oem6.inf
Hardware ID  ACPI\VEN_INT&DEV_33D5
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / Portable Device Control device ]
 
Device Properties:
Driver Description  Portable Device Control device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  buttonconverter.inf
Hardware ID  HID\VEN_ACPI&DEV_0011
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / USB Input Device ]
 
Device Properties:
Driver Description  USB Input Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  USB\VID_0B05&PID_1807&REV_0011&MI_00
Location Information  0000.0014.0000.003.003.000.000.000.000
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / USB Input Device ]
 
Device Properties:
Driver Description  USB Input Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  USB\VID_0B05&PID_1807&REV_0011&MI_01
Location Information  0000.0014.0000.003.003.000.000.000.000
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / USB Input Device ]
 
Device Properties:
Driver Description  USB Input Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  USB\VID_0B05&PID_1807&REV_0011&MI_02
Location Information  0000.0014.0000.003.003.000.000.000.000
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Human Interface Devices / USB Input Device ]
 
Device Properties:
Driver Description  USB Input Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  input.inf
Hardware ID  USB\VID_0458&PID_003A&REV_0100
Location Information  Port_#0001.Hub_#0002
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Imaging devices / Intel(R) AVStream Camera ]
 
Device Properties:
Driver Description  Intel(R) AVStream Camera
Driver Date  02/07/2015
Driver Version  21.10154.5886.364
Driver Provider  Intel
INF File  oem25.inf
Hardware ID  VIDEO\VEN_8086&DEV_22B0&SUBSYS_1BDD1043&REV_20&INT22B8
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Keyboards / HID Keyboard Device ]
 
Device Properties:
Driver Description  HID Keyboard Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  keyboard.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_00
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Keyboards / HID Keyboard Device ]
 
Device Properties:
Driver Description  HID Keyboard Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  keyboard.inf
Hardware ID  HID\INTC816&Col01
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Keyboards / HID Keyboard Device ]
 
Device Properties:
Driver Description  HID Keyboard Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  keyboard.inf
Hardware ID  HID\ConvertedDevice&Col01
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Mice and other pointing devices / ASUS Touchpad ]
 
Device Properties:
Driver Description  ASUS Touchpad
Driver Date  18/06/2015
Driver Version  8.1.0.16
Driver Provider  ASUS
INF File  oem29.inf
Hardware ID  HID\VID_0B05&PID_1807&REV_0011&MI_02&Col01
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Mice and other pointing devices / HID-compliant mouse ]
 
Device Properties:
Driver Description  HID-compliant mouse
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  msmouse.inf
Hardware ID  HID\VID_0458&PID_003A&REV_0100
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Monitors / Generic PnP Monitor ]
 
Device Properties:
Driver Description  Generic PnP Monitor
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  monitor.inf
Hardware ID  MONITOR\AUO20D4
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Bluetooth Device (Personal Area Network) ]
 
Device Properties:
Driver Description  Bluetooth Device (Personal Area Network)
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  bthpan.inf
Hardware ID  BTH\MS_BTHPAN
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Bluetooth Device (RFCOMM Protocol TDI) ]
 
Device Properties:
Driver Description  Bluetooth Device (RFCOMM Protocol TDI)
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  tdibth.inf
Hardware ID  BTH\MS_RFCOMM
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Broadcom 802.11abgn Wireless SDIO Adapter ]
 
Device Properties:
Driver Description  Broadcom 802.11abgn Wireless SDIO Adapter
Driver Date  16/07/2015
Driver Version  5.93.103.20
Driver Provider  Broadcom
INF File  oem26.inf
Hardware ID  SD\VID_02d0&PID_a94d&FN_1
 
Device Resources:
IRQ  1040
 
Network Adapter Manufacturer:
Company Name  Broadcom Corporation
Product Information  http://www.broadcom.com/products
Driver Download  http://www.broadcom.com/support/?gid=9
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Microsoft ISATAP Adapter ]
 
Device Properties:
Driver Description  Microsoft ISATAP Adapter
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  nettun.inf
Hardware ID  *ISATAP
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Microsoft Kernel Debug Network Adapter ]
 
Device Properties:
Driver Description  Microsoft Kernel Debug Network Adapter
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  kdnic.inf
Hardware ID  root\kdnic
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Microsoft Teredo Tunneling Adapter ]
 
Device Properties:
Driver Description  Microsoft Teredo Tunneling Adapter
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  nettun.inf
Hardware ID  *TEREDO
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Network adapters / Microsoft Wi-Fi Direct Virtual Adapter ]
 
Device Properties:
Driver Description  Microsoft Wi-Fi Direct Virtual Adapter
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  netvwifimp.inf
Hardware ID  {5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp_wfd
Location Information  VWiFi Bus 0
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Ports (COM & LPT) / Communications Port (COM1) ]
 
Device Properties:
Driver Description  Communications Port (COM1)
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  msports.inf
Hardware ID  ACPI\VEN_PNP&DEV_0501
 
Device Resources:
IRQ  04
Port  03F8-03FF
 
[ Print queues / Fax ]
 
Device Properties:
Driver Description  Fax
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  printqueue.inf
Hardware ID  PRINTENUM\microsoftmicrosoft_s7d14
 
[ Print queues / Microsoft Print to PDF ]
 
Device Properties:
Driver Description  Microsoft Print to PDF
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  printqueue.inf
Hardware ID  PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}
 
[ Print queues / Microsoft XPS Document Writer ]
 
Device Properties:
Driver Description  Microsoft XPS Document Writer
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  printqueue.inf
Hardware ID  PRINTENUM\{0f4130dd-19c7-7ab6-99a1-980f03b2ee4e}
 
[ Print queues / Root Print Queue ]
 
Device Properties:
Driver Description  Root Print Queue
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  printqueue.inf
Hardware ID  PRINTENUM\LocalPrintQueue
 
[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
Device Properties:
Driver Description  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Driver Date  21/04/2009
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cpu.inf
Hardware ID  ACPI\GenuineIntel_-_Intel64_Family_6_Model_76
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
Device Properties:
Driver Description  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Driver Date  21/04/2009
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cpu.inf
Hardware ID  ACPI\GenuineIntel_-_Intel64_Family_6_Model_76
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
Device Properties:
Driver Description  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Driver Date  21/04/2009
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cpu.inf
Hardware ID  ACPI\GenuineIntel_-_Intel64_Family_6_Model_76
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]
 
Device Properties:
Driver Description  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
Driver Date  21/04/2009
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  cpu.inf
Hardware ID  ACPI\GenuineIntel_-_Intel64_Family_6_Model_76
 
CPU Manufacturer:
Company Name  Intel Corporation
Product Information  http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
Driver Update  http://www.aida64.com/driver-updates
 
[ SD host adapters / Intel SD Host Controller ]
 
Device Properties:
Driver Description  Intel SD Host Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  sdbus.inf
Hardware ID  ACPI\VEN_8086&DEV_0F14&REV_0001
 
Device Resources:
IRQ  45
Memory  91838000-91838FFF
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ SD host adapters / Intel SD Host Controller ]
 
Device Properties:
Driver Description  Intel SD Host Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  sdbus.inf
Hardware ID  ACPI\VEN_8086&DEV_0F14&REV_0001
 
Device Resources:
IRQ  46
Memory  91836000-91836FFF
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ SD host adapters / Intel SD Host Controller ]
 
Device Properties:
Driver Description  Intel SD Host Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  sdbus.inf
Hardware ID  ACPI\VEN_8086&DEV_0F14&REV_0001
 
Device Resources:
IRQ  1038
IRQ  47
Memory  91834000-91834FFF
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Security devices / Trusted Platform Module 2.0 ]
 
Device Properties:
Driver Description  Trusted Platform Module 2.0
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  tpm.inf
Hardware ID  ACPI\VEN_MSFT&DEV_0101
 
Device Resources:
Memory  7FF00000-7FF00FFF
 
[ Sensors / HID Advanced Sensor Collection V2 ]
 
Device Properties:
Driver Description  HID Advanced Sensor Collection V2
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Intel Corporation
INF File  oem12.inf
Hardware ID  HID\Vid_8086&Pid_0002
 
[ Sensors / HID Advanced Sensor Collection ]
 
Device Properties:
Driver Description  HID Advanced Sensor Collection
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Intel Corporation
INF File  oem23.inf
Hardware ID  HID\Vid_8086&Pid_8002
 
[ Sensors / HID Sensor Collection V2 ]
 
Device Properties:
Driver Description  HID Sensor Collection V2
Driver Date  21/04/2009
Driver Version  10.0.10240.16412
Driver Provider  Microsoft
INF File  SensorsHidClassDriver.inf
Hardware ID  HID\Vid_8086&Pid_0001
 
[ Sensors / HID Sensor Collection V2 ]
 
Device Properties:
Driver Description  HID Sensor Collection V2
Driver Date  21/04/2009
Driver Version  10.0.10240.16412
Driver Provider  Microsoft
INF File  SensorsHidClassDriver.inf
Hardware ID  HID\Vid_8086&Pid_0001
 
[ Sensors / HID Sensor Collection V2 ]
 
Device Properties:
Driver Description  HID Sensor Collection V2
Driver Date  21/04/2009
Driver Version  10.0.10240.16412
Driver Provider  Microsoft
INF File  SensorsHidClassDriver.inf
Hardware ID  HID\Vid_8086&Pid_0001
 
[ Software devices / Bluetooth ]
 
Device Properties:
Driver Description  Bluetooth
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Lightweight Sensors Root Enumerator ]
 
Device Properties:
Driver Description  Lightweight Sensors Root Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Microsoft Device Association Root Enumerator ]
 
Device Properties:
Driver Description  Microsoft Device Association Root Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Microsoft GS Wavetable Synth ]
 
Device Properties:
Driver Description  Microsoft GS Wavetable Synth
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Microsoft IPv4 IPv6 Transition Adapter Bus ]
 
Device Properties:
Driver Description  Microsoft IPv4 IPv6 Transition Adapter Bus
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Microsoft Passport Container Enumeration Bus ]
 
Device Properties:
Driver Description  Microsoft Passport Container Enumeration Bus
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Microsoft Radio Device Enumeration Bus ]
 
Device Properties:
Driver Description  Microsoft Radio Device Enumeration Bus
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Smart Card Device Enumeration Bus ]
 
Device Properties:
Driver Description  Smart Card Device Enumeration Bus
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Software devices / Wi-Fi ]
 
Device Properties:
Driver Description  Wi-Fi
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  c_swdevice.inf
 
[ Sound, video and game controllers / Intel SST Audio Device (WDM) ]
 
Device Properties:
Driver Description  Intel SST Audio Device (WDM)
Driver Date  29/06/2015
Driver Version  604.10135.6766.2749
Driver Provider  Intel
INF File  oem18.inf
Hardware ID  ACPI\VEN_8086&DEV_22A8&SUBSYS_10431BDD
 
Device Resources:
IRQ  1025
IRQ  24
IRQ  25
IRQ  26
IRQ  27
IRQ  28
IRQ  29
Memory  20000000-201FFFFF
Memory  91400000-915FFFFF
Memory  91832000-91832FFF
 
Device Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/chipsets
Driver Update  http://www.aida64.com/driver-updates
 
[ Sound, video and game controllers / Realtek I2S Audio Codec ]
 
Device Properties:
Driver Description  Realtek I2S Audio Codec
Driver Date  09/07/2015
Driver Version  6.4.10147.4290
Driver Provider  REALTEK
INF File  oem8.inf
Hardware ID  ACPI\VEN_10EC&DEV_3270&SUBSYS_104314FF
 
Device Resources:
IRQ  1029
 
Device Manufacturer:
Company Name  Realtek Semiconductor Corp.
Product Information  http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
Driver Download  http://www.realtek.com.tw/downloads
Driver Update  http://www.aida64.com/driver-updates
 
[ Storage controllers / Microsoft Storage Spaces Controller ]
 
Device Properties:
Driver Description  Microsoft Storage Spaces Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  spaceport.inf
Hardware ID  Root\Spaceport
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Storage controllers / SD Storage Class Controller ]
 
Device Properties:
Driver Description  SD Storage Class Controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  sdstor.inf
Hardware ID  SD\VID_15&OID_0000&PID_CGND3R&REV_0.1
 
Device Manufacturer:
Driver Update  http://www.aida64.com/driver-updates
 
[ Storage volumes / Generic volume ]
 
Device Properties:
Driver Description  Generic volume
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  volume.inf
Hardware ID  STORAGE\Volume
 
[ Storage volumes / Generic volume ]
 
Device Properties:
Driver Description  Generic volume
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  volume.inf
Hardware ID  STORAGE\Volume
 
[ Storage volumes / Generic volume ]
 
Device Properties:
Driver Description  Generic volume
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  volume.inf
Hardware ID  STORAGE\Volume
 
[ Storage volumes / Generic volume ]
 
Device Properties:
Driver Description  Generic volume
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  volume.inf
Hardware ID  STORAGE\Volume
 
[ System devices / ACPI Fixed Feature Button ]
 
Device Properties:
Driver Description  ACPI Fixed Feature Button
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\FixedButton
 
[ System devices / ACPI Lid ]
 
Device Properties:
Driver Description  ACPI Lid
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C0D
 
[ System devices / ACPI Power Button ]
 
Device Properties:
Driver Description  ACPI Power Button
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C0C
 
[ System devices / ACPI Processor Aggregator ]
 
Device Properties:
Driver Description  ACPI Processor Aggregator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  acpipagr.inf
Hardware ID  ACPI\VEN_ACPI&DEV_000C
 
[ System devices / ACPI Sleep Button ]
 
Device Properties:
Driver Description  ACPI Sleep Button
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C0E
 
[ System devices / ACPI Thermal Zone ]
 
Device Properties:
Driver Description  ACPI Thermal Zone
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\ThermalZone
 
[ System devices / bcmfn2 Device ]
 
Device Properties:
Driver Description  bcmfn2 Device
Driver Date  16/07/2015
Driver Version  5.93.103.20
Driver Provider  Broadcom
INF File  oem27.inf
Hardware ID  SD\VID_02d0&PID_a94d&FN_3
 
[ System devices / bcmfn2 Device ]
 
Device Properties:
Driver Description  bcmfn2 Device
Driver Date  16/07/2015
Driver Version  5.93.103.20
Driver Provider  Broadcom
INF File  oem27.inf
Hardware ID  SD\VID_02d0&PID_a94d&FN_2
 
[ System devices / Broadcom Serial Bus Driver over UART Bus Enumerator ]
 
Device Properties:
Driver Description  Broadcom Serial Bus Driver over UART Bus Enumerator
Driver Date  10/07/2015
Driver Version  12.0.1.695
Driver Provider  Broadcom
INF File  oem7.inf
Hardware ID  ACPI\VEN_BCM&DEV_2E72
 
Device Resources:
IRQ  1028
 
[ System devices / Camera Sensor ov5670 ]
 
Device Properties:
Driver Description  Camera Sensor ov5670
Driver Date  02/07/2015
Driver Version  21.10130.350.8554
Driver Provider  Intel Corporation
INF File  oem14.inf
Hardware ID  ACPI\VEN_OVTI&DEV_5670&SUBSYS_1BDD1043
 
[ System devices / Camera Sensor Unicam hm2051 ]
 
Device Properties:
Driver Description  Camera Sensor Unicam hm2051
Driver Date  30/06/2015
Driver Version  1.0.10.1
Driver Provider  Intel Corporation
INF File  oem9.inf
Hardware ID  ACPI\VEN_HIMX&DEV_2051&SUBSYS_1BDD1043
 
[ System devices / Composite Bus Enumerator ]
 
Device Properties:
Driver Description  Composite Bus Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  compositebus.inf
Hardware ID  ROOT\CompositeBus
 
[ System devices / High precision event timer ]
 
Device Properties:
Driver Description  High precision event timer
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0103
 
[ System devices / Intel Serial IO GPIO Controller ]
 
Device Properties:
Driver Description  Intel Serial IO GPIO Controller
Driver Date  21/05/2015
Driver Version  604.10146.2652.361
Driver Provider  Intel Corporation
INF File  oem11.inf
Hardware ID  ACPI\VEN_INT&DEV_33FF
 
Device Resources:
IRQ  49
Memory  FED80000-FED87FFF
 
[ System devices / Intel Serial IO GPIO Controller ]
 
Device Properties:
Driver Description  Intel Serial IO GPIO Controller
Driver Date  21/05/2015
Driver Version  604.10146.2652.361
Driver Provider  Intel Corporation
INF File  oem11.inf
Hardware ID  ACPI\VEN_INT&DEV_33FF
 
Device Resources:
IRQ  50
Memory  FED90000-FED97FFF
 
[ System devices / Intel Serial IO GPIO Controller ]
 
Device Properties:
Driver Description  Intel Serial IO GPIO Controller
Driver Date  21/05/2015
Driver Version  604.10146.2652.361
Driver Provider  Intel Corporation
INF File  oem11.inf
Hardware ID  ACPI\VEN_INT&DEV_33FF
 
Device Resources:
IRQ  91
Memory  FED98000-FED9FFFF
 
[ System devices / Intel Serial IO GPIO Controller ]
 
Device Properties:
Driver Description  Intel Serial IO GPIO Controller
Driver Date  21/05/2015
Driver Version  604.10146.2652.361
Driver Provider  Intel Corporation
INF File  oem11.inf
Hardware ID  ACPI\VEN_INT&DEV_33FF
 
Device Resources:
IRQ  108
Memory  FEDA0000-FEDA7FFF
 
[ System devices / Intel Serial IO GPIO Controller ]
 
Device Properties:
Driver Description  Intel Serial IO GPIO Controller
Driver Date  21/05/2015
Driver Version  604.10146.2652.361
Driver Provider  Intel Corporation
INF File  oem11.inf
Hardware ID  ACPI\VEN_INT&DEV_33FF
 
Device Resources:
IRQ  48
Memory  FED88000-FED8FFFF
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  ACPI\VEN_INT&DEV_3406
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  ACPI\VEN_INT&DEV_3400
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  ACPI\VEN_INT&DEV_3403
 
Device Resources:
IRQ  1024
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  ACPI\VEN_INT&DEV_3403
 
Device Resources:
IRQ  1036
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  ACPI\VEN_INT&DEV_3403
 
Device Resources:
IRQ  1037
 
[ System devices / Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver ]
 
Device Properties:
Driver Description  Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
Driver Date  10/06/2015
Driver Version  604.10146.2651.1559
Driver Provider  Intel
INF File  oem19.inf
Hardware ID  PCI\VEN_8086&DEV_22DC&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 11, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - P-Unit
 
Device Resources:
IRQ  65536
Memory  DFBFE000-DFBFEFFF
 
[ System devices / Intel(R) Imaging Signal Processor 2401 ]
 
Device Properties:
Driver Description  Intel(R) Imaging Signal Processor 2401
Driver Date  02/07/2015
Driver Version  21.10154.5886.364
Driver Provider  Intel Corporation
INF File  oem4.inf
Hardware ID  PCI\VEN_8086&DEV_22B8&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 3, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - Image Signal Processor
 
Device Resources:
IRQ  65536
Memory  DFC00000-DFFFFFFF
 
[ System devices / Intel(R) Integrated Sensor Solution ]
 
Device Properties:
Driver Description  Intel(R) Integrated Sensor Solution
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Intel
INF File  oem22.inf
Hardware ID  PCI\VEN_8086&DEV_22D8&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 10, function 0
PCI Device  Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
 
Device Resources:
IRQ  20
Memory  DFBFF000-DFBFFFFF
 
[ System devices / Intel(R) Power Engine Plug-in ]
 
Device Properties:
Driver Description  Intel(R) Power Engine Plug-in
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  intelpep.inf
Hardware ID  ACPI\VEN_INT&DEV_33A4
 
[ System devices / Intel(R) Power Management IC Device ]
 
Device Properties:
Driver Description  Intel(R) Power Management IC Device
Driver Date  25/05/2015
Driver Version  604.10146.2656.541
Driver Provider  Intel Corporation
INF File  oem1.inf
Hardware ID  ACPI\VEN_INT&DEV_33FD&REV_0003
 
Device Resources:
IRQ  1030
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  00
DMA  01
IRQ  -1853816800
Memory  91830000-91830FFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  02
DMA  03
IRQ  4456481
Memory  9182E000-9182EFFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  04
DMA  05
IRQ  -1853816798
Memory  9182C000-9182CFFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  00
DMA  01
IRQ  4456484
Memory  91828000-91828FFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  02
DMA  03
IRQ  37
Memory  91826000-91826FFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  04
DMA  05
IRQ  -1853816794
Memory  91824000-91824FFF
 
[ System devices / Intel(R) Serial IO I2C ES Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO I2C ES Controller
Driver Date  30/06/2015
Driver Version  604.10146.2654.2819
Driver Provider  Intel Corporation
INF File  oem10.inf
Hardware ID  ACPI\VEN_8086&DEV_22C1
 
Device Resources:
DMA  06
DMA  07
IRQ  7274531
Memory  9182A000-9182AFFF
 
[ System devices / Intel(R) Serial IO SPI Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO SPI Controller
Driver Date  01/06/2015
Driver Version  604.10146.2657.947
Driver Provider  Intel Corporation
INF File  oem15.inf
Hardware ID  ACPI\VEN_8086&DEV_228E
 
Device Resources:
DMA  06
DMA  07
IRQ  89
Memory  9181B000-9181BFFF
 
[ System devices / Intel(R) Serial IO SPI Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO SPI Controller
Driver Date  01/06/2015
Driver Version  604.10146.2657.947
Driver Provider  Intel Corporation
INF File  oem15.inf
Hardware ID  ACPI\VEN_8086&DEV_228E
 
Device Resources:
DMA  08
DMA  09
IRQ  90
Memory  91819000-91819FFF
 
[ System devices / Intel(R) Serial IO SPI Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO SPI Controller
Driver Date  01/06/2015
Driver Version  604.10146.2657.947
Driver Provider  Intel Corporation
INF File  oem15.inf
Hardware ID  ACPI\VEN_8086&DEV_228E
 
Device Resources:
DMA  00
DMA  01
IRQ  41
Memory  9181D000-9181DFFF
 
[ System devices / Intel(R) Serial IO UART Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO UART Controller
Driver Date  21/05/2015
Driver Version  604.10146.2653.391
Driver Provider  Intel Corporation
INF File  oem13.inf
Hardware ID  ACPI\VEN_8086&DEV_228A
 
Device Resources:
DMA  02
DMA  03
IRQ  39
Memory  91821000-91821FFF
 
[ System devices / Intel(R) Serial IO UART Controller ]
 
Device Properties:
Driver Description  Intel(R) Serial IO UART Controller
Driver Date  21/05/2015
Driver Version  604.10146.2653.391
Driver Provider  Intel Corporation
INF File  oem13.inf
Hardware ID  ACPI\VEN_8086&DEV_228A
 
Device Resources:
DMA  04
DMA  05
IRQ  40
Memory  9181F000-9181FFFF
 
[ System devices / Intel(R) Sideband Fabric Device ]
 
Device Properties:
Driver Description  Intel(R) Sideband Fabric Device
Driver Date  26/05/2015
Driver Version  604.10146.2655.573
Driver Provider  Intel Corporation
INF File  oem16.inf
Hardware ID  ACPI\VEN_INT&DEV_33BD&REV_0002
 
Device Resources:
Memory  E00000D0-E00000DF
 
[ System devices / Intel(R) Trusted Execution Engine Interface ]
 
Device Properties:
Driver Description  Intel(R) Trusted Execution Engine Interface
Driver Date  16/06/2015
Driver Version  2.0.0.1067
Driver Provider  Intel
INF File  oem24.inf
Hardware ID  PCI\VEN_8086&DEV_2298&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 26, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
 
Device Resources:
IRQ  65536
Memory  91600000-916FFFFF
Memory  91700000-917FFFFF
 
[ System devices / ISS Dynamic Bus Enumerator ]
 
Device Properties:
Driver Description  ISS Dynamic Bus Enumerator
Driver Date  02/07/2015
Driver Version  2.0.0.3012
Driver Provider  Intel
INF File  oem0.inf
Hardware ID  {DEA5AE2A-D1FD-438A-A091-CBD484788435}\ISH_BUS
Location Information  ISH HECI BUS
 
[ System devices / Legacy device ]
 
Device Properties:
Driver Description  Legacy device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_INT&DEV_0800
 
[ System devices / Microsoft ACPI-Compliant System ]
 
Device Properties:
Driver Description  Microsoft ACPI-Compliant System
Driver Date  21/06/2006
Driver Version  10.0.10240.16397
Driver Provider  Microsoft
INF File  acpi.inf
Hardware ID  ACPI_HAL\PNP0C08
PnP Device  ACPI Driver/BIOS
 
Device Resources:
IRQ  100
IRQ  101
IRQ  102
IRQ  103
IRQ  104
IRQ  105
IRQ  106
IRQ  107
IRQ  108
IRQ  109
IRQ  110
IRQ  111
IRQ  112
IRQ  113
IRQ  114
IRQ  115
IRQ  116
IRQ  117
IRQ  118
IRQ  119
IRQ  120
IRQ  121
IRQ  122
IRQ  123
IRQ  124
IRQ  125
IRQ  126
IRQ  127
IRQ  128
IRQ  129
IRQ  130
IRQ  131
IRQ  132
IRQ  133
IRQ  134
IRQ  135
IRQ  136
IRQ  137
IRQ  138
IRQ  139
IRQ  140
IRQ  141
IRQ  142
IRQ  143
IRQ  144
IRQ  145
IRQ  146
IRQ  147
IRQ  148
IRQ  149
IRQ  150
IRQ  151
IRQ  152
IRQ  153
IRQ  154
IRQ  155
IRQ  156
IRQ  157
IRQ  158
IRQ  159
IRQ  160
IRQ  161
IRQ  162
IRQ  163
IRQ  164
IRQ  165
IRQ  166
IRQ  167
IRQ  168
IRQ  169
IRQ  170
IRQ  171
IRQ  172
IRQ  173
IRQ  174
IRQ  175
IRQ  176
IRQ  177
IRQ  178
IRQ  179
IRQ  180
IRQ  181
IRQ  182
IRQ  183
IRQ  184
IRQ  185
IRQ  186
IRQ  187
IRQ  188
IRQ  189
IRQ  190
IRQ  191
IRQ  192
IRQ  193
IRQ  194
IRQ  195
IRQ  196
IRQ  197
IRQ  198
IRQ  199
IRQ  200
IRQ  201
IRQ  202
IRQ  203
IRQ  204
IRQ  256
IRQ  257
IRQ  258
IRQ  259
IRQ  260
IRQ  261
IRQ  262
IRQ  263
IRQ  264
IRQ  265
IRQ  266
IRQ  267
IRQ  268
IRQ  269
IRQ  270
IRQ  271
IRQ  272
IRQ  273
IRQ  274
IRQ  275
IRQ  276
IRQ  277
IRQ  278
IRQ  279
IRQ  280
IRQ  281
IRQ  282
IRQ  283
IRQ  284
IRQ  285
IRQ  286
IRQ  287
IRQ  288
IRQ  289
IRQ  290
IRQ  291
IRQ  292
IRQ  293
IRQ  294
IRQ  295
IRQ  296
IRQ  297
IRQ  298
IRQ  299
IRQ  300
IRQ  301
IRQ  302
IRQ  303
IRQ  304
IRQ  305
IRQ  306
IRQ  307
IRQ  308
IRQ  309
IRQ  310
IRQ  311
IRQ  312
IRQ  313
IRQ  314
IRQ  315
IRQ  316
IRQ  317
IRQ  318
IRQ  319
IRQ  320
IRQ  321
IRQ  322
IRQ  323
IRQ  324
IRQ  325
IRQ  326
IRQ  327
IRQ  328
IRQ  329
IRQ  330
IRQ  331
IRQ  332
IRQ  333
IRQ  334
IRQ  335
IRQ  336
IRQ  337
IRQ  338
IRQ  339
IRQ  340
IRQ  341
IRQ  342
IRQ  343
IRQ  344
IRQ  345
IRQ  346
IRQ  347
IRQ  348
IRQ  349
IRQ  350
IRQ  351
IRQ  352
IRQ  353
IRQ  354
IRQ  355
IRQ  356
IRQ  357
IRQ  358
IRQ  359
IRQ  360
IRQ  361
IRQ  362
IRQ  363
IRQ  364
IRQ  365
IRQ  366
IRQ  367
IRQ  368
IRQ  369
IRQ  370
IRQ  371
IRQ  372
IRQ  373
IRQ  374
IRQ  375
IRQ  376
IRQ  377
IRQ  378
IRQ  379
IRQ  380
IRQ  381
IRQ  382
IRQ  383
IRQ  384
IRQ  385
IRQ  386
IRQ  387
IRQ  388
IRQ  389
IRQ  390
IRQ  391
IRQ  392
IRQ  393
IRQ  394
IRQ  395
IRQ  396
IRQ  397
IRQ  398
IRQ  399
IRQ  400
IRQ  401
IRQ  402
IRQ  403
IRQ  404
IRQ  405
IRQ  406
IRQ  407
IRQ  408
IRQ  409
IRQ  410
IRQ  411
IRQ  412
IRQ  413
IRQ  414
IRQ  415
IRQ  416
IRQ  417
IRQ  418
IRQ  419
IRQ  420
IRQ  421
IRQ  422
IRQ  423
IRQ  424
IRQ  425
IRQ  426
IRQ  427
IRQ  428
IRQ  429
IRQ  430
IRQ  431
IRQ  432
IRQ  433
IRQ  434
IRQ  435
IRQ  436
IRQ  437
IRQ  438
IRQ  439
IRQ  440
IRQ  441
IRQ  442
IRQ  443
IRQ  444
IRQ  445
IRQ  446
IRQ  447
IRQ  448
IRQ  449
IRQ  450
IRQ  451
IRQ  452
IRQ  453
IRQ  454
IRQ  455
IRQ  456
IRQ  457
IRQ  458
IRQ  459
IRQ  460
IRQ  461
IRQ  462
IRQ  463
IRQ  464
IRQ  465
IRQ  466
IRQ  467
IRQ  468
IRQ  469
IRQ  470
IRQ  471
IRQ  472
IRQ  473
IRQ  474
IRQ  475
IRQ  476
IRQ  477
IRQ  478
IRQ  479
IRQ  480
IRQ  481
IRQ  482
IRQ  483
IRQ  484
IRQ  485
IRQ  486
IRQ  487
IRQ  488
IRQ  489
IRQ  490
IRQ  491
IRQ  492
IRQ  493
IRQ  494
IRQ  495
IRQ  496
IRQ  497
IRQ  498
IRQ  499
IRQ  500
IRQ  501
IRQ  502
IRQ  503
IRQ  504
IRQ  505
IRQ  506
IRQ  507
IRQ  508
IRQ  509
IRQ  510
IRQ  511
IRQ  54
IRQ  55
IRQ  56
IRQ  57
IRQ  58
IRQ  59
IRQ  60
IRQ  61
IRQ  62
IRQ  63
IRQ  64
IRQ  65
IRQ  66
IRQ  67
IRQ  68
IRQ  69
IRQ  70
IRQ  71
IRQ  72
IRQ  73
IRQ  74
IRQ  75
IRQ  76
IRQ  77
IRQ  78
IRQ  79
IRQ  80
IRQ  81
IRQ  82
IRQ  83
IRQ  84
IRQ  85
IRQ  86
IRQ  87
IRQ  88
IRQ  89
IRQ  90
IRQ  91
IRQ  92
IRQ  93
IRQ  94
IRQ  95
IRQ  96
IRQ  97
IRQ  98
IRQ  99
 
[ System devices / Microsoft Basic Display Driver ]
 
Device Properties:
Driver Description  Microsoft Basic Display Driver
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  basicdisplay.inf
Hardware ID  ROOT\BasicDisplay
 
[ System devices / Microsoft Basic Render Driver ]
 
Device Properties:
Driver Description  Microsoft Basic Render Driver
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  basicrender.inf
Hardware ID  ROOT\BasicRender
 
[ System devices / Microsoft System Management BIOS Driver ]
 
Device Properties:
Driver Description  Microsoft System Management BIOS Driver
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  mssmbios.inf
Hardware ID  ROOT\mssmbios
 
[ System devices / Microsoft UEFI-Compliant System ]
 
Device Properties:
Driver Description  Microsoft UEFI-Compliant System
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  uefi.inf
Hardware ID  ACPI_HAL\UEFI
 
[ System devices / Microsoft Virtual Drive Enumerator ]
 
Device Properties:
Driver Description  Microsoft Virtual Drive Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  vdrvroot.inf
Hardware ID  ROOT\vdrvroot
 
[ System devices / Microsoft Windows Management Interface for ACPI ]
 
Device Properties:
Driver Description  Microsoft Windows Management Interface for ACPI
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  wmiacpi.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C14
 
[ System devices / Motherboard resources ]
 
Device Properties:
Driver Description  Motherboard resources
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C02
 
[ System devices / Motherboard resources ]
 
Device Properties:
Driver Description  Motherboard resources
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C02
 
[ System devices / Motherboard resources ]
 
Device Properties:
Driver Description  Motherboard resources
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C02
 
[ System devices / Motherboard resources ]
 
Device Properties:
Driver Description  Motherboard resources
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0C02
 
[ System devices / NDIS Virtual Network Adapter Enumerator ]
 
Device Properties:
Driver Description  NDIS Virtual Network Adapter Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  ndisvirtualbus.inf
Hardware ID  ROOT\NdisVirtualBus
 
[ System devices / PCI Express Root Complex ]
 
Device Properties:
Driver Description  PCI Express Root Complex
Driver Date  21/06/2006
Driver Version  10.0.10240.16390
Driver Provider  Microsoft
INF File  pci.inf
Hardware ID  ACPI\VEN_PNP&DEV_0A08
 
Device Resources:
Memory  000A0000-000BFFFF
Memory  000C0000-000DFFFF
Memory  000E0000-000FFFFF
Memory  20000000-201FFFFF
Memory  7CC00001-7EC00000
Memory  80000000-DFFFFFFF
Port  0000-006F
Port  0078-0CF7
Port  0D00-FFFF
 
[ System devices / PCI standard host CPU bridge ]
 
Device Properties:
Driver Description  PCI standard host CPU bridge
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  PCI\VEN_8086&DEV_2280&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 0, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - Transaction Router
 
[ System devices / PCI standard ISA bridge ]
 
Device Properties:
Driver Description  PCI standard ISA bridge
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  PCI\VEN_8086&DEV_229C&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 31, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
 
[ System devices / Plug and Play Software Device Enumerator ]
 
Device Properties:
Driver Description  Plug and Play Software Device Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  swenum.inf
Hardware ID  ROOT\SWENUM
 
[ System devices / Programmable interrupt controller ]
 
Device Properties:
Driver Description  Programmable interrupt controller
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0000
 
[ System devices / Remote Desktop Device Redirector Bus ]
 
Device Properties:
Driver Description  Remote Desktop Device Redirector Bus
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  rdpbus.inf
Hardware ID  ROOT\RDPBUS
 
[ System devices / System CMOS/real time clock ]
 
Device Properties:
Driver Description  System CMOS/real time clock
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0B00
 
Device Resources:
Port  0070-0077
 
[ System devices / System timer ]
 
Device Properties:
Driver Description  System timer
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  machine.inf
Hardware ID  ACPI\VEN_PNP&DEV_0100
 
[ System devices / UMBus Root Bus Enumerator ]
 
Device Properties:
Driver Description  UMBus Root Bus Enumerator
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  umbus.inf
Hardware ID  root\umbus
 
[ System devices / Volume Manager ]
 
Device Properties:
Driver Description  Volume Manager
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  volmgr.inf
Hardware ID  ROOT\VOLMGR
 
[ Universal Serial Bus controllers / Generic USB Hub ]
 
Device Properties:
Driver Description  Generic USB Hub
Driver Date  02/08/2015
Driver Version  10.0.10240.16425
Driver Provider  Microsoft
INF File  usbhub3.inf
Hardware ID  USB\VID_05E3&PID_0610&REV_3298
Location Information  Port_#0003.Hub_#0001
 
[ Universal Serial Bus controllers / Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) ]
 
Device Properties:
Driver Description  Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Driver Date  09/07/2015
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  usbxhci.inf
Hardware ID  PCI\VEN_8086&DEV_22B5&SUBSYS_1BDD1043&REV_20
Location Information  PCI bus 0, device 20, function 0
PCI Device  Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
 
Device Resources:
IRQ  65536
Memory  91800000-9180FFFF
 
Chipset Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/chipsets
BIOS Upgrades  http://www.aida64.com/bios-updates
Driver Update  http://www.aida64.com/driver-updates
 
[ Universal Serial Bus controllers / USB Composite Device ]
 
Device Properties:
Driver Description  USB Composite Device
Driver Date  21/06/2006
Driver Version  10.0.10240.16384
Driver Provider  Microsoft
INF File  usb.inf
Hardware ID  USB\VID_0B05&PID_1807&REV_0011
Location Information  Port_#0003.Hub_#0002
 
[ Universal Serial Bus controllers / USB Root Hub (xHCI) ]
 
Device Properties:
Driver Description  USB Root Hub (xHCI)
Driver Date  02/08/2015
Driver Version  10.0.10240.16425
Driver Provider  Microsoft
INF File  usbhub3.inf
Hardware ID  USB\ROOT_HUB30&VID8086&PID22B5&REV0020
 
[ Unknown / Unknown ]
 
Device Properties:
Driver Description  Unknown


Physical Devices

 
PCI Devices:
Bus 0, Device 2, Function 0  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
Bus 0, Device 31, Function 0  Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
Bus 0, Device 11, Function 0  Intel Cherry Trail / Braswell SoC - P-Unit
Bus 0, Device 0, Function 0  Intel Cherry Trail / Braswell SoC - Transaction Router
Bus 0, Device 26, Function 0  Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
Bus 0, Device 20, Function 0  Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
Bus 0, Device 10, Function 0  Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
 
PnP Devices:
PNP0501  16550A-compatible UART Serial Port
PNP0C08  ACPI Driver/BIOS
FIXEDBUTTON  ACPI Fixed Feature Button
PNP0C14  ACPI Management Interface
ACPI000C  ACPI Processor Aggregator
THERMALZONE  ACPI Thermal Zone
PNP0A08  ACPI Three-wire Device Bus
BCM2E72  Broadcom Serial Bus Driver over UART Bus Enumerator [NoDB]
OVTI5670  Camera Sensor ov5670
HIMX2051  Camera Sensor Unicam hm2051
PNP0C0A  Control Method Battery
ACPI0011  HID Button over Interrupt Driver
PNP0103  High Precision Event Timer
SIS0457  I2C HID Device [NoDB]
INT3406  Intel Dynamic Platform & Thermal Framework Display Participant
INT3403  Intel Dynamic Platform & Thermal Framework Generic Participant
INT3403  Intel Dynamic Platform & Thermal Framework Generic Participant
INT3403  Intel Dynamic Platform & Thermal Framework Generic Participant
INT3400  Intel Dynamic Platform & Thermal Framework
INT0800  Intel Flash EEPROM
INT33D3  Intel GPIO Button
INT33D5  Intel HID Event Filter
INT33BD  Intel MBI Sideband Fabric Device
INT33FD  Intel Power Management IC Device
80860F14  Intel SD Host Controller
80860F14  Intel SD Host Controller
80860F14  Intel SD Host Controller
INT33FF  Intel Serial IO GPIO Controller
INT33FF  Intel Serial IO GPIO Controller
INT33FF  Intel Serial IO GPIO Controller
INT33FF  Intel Serial IO GPIO Controller
INT33FF  Intel Serial IO GPIO Controller
808622A8  Intel SST Audio Device (WDM)
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ  Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
INT33A4  Intel(R) Power Engine Plug-in [NoDB]
INTL9C60  Intel(R) Serial IO DMA Controller
INTL9C60  Intel(R) Serial IO DMA Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
808622C1  Intel(R) Serial IO I2C ES Controller
8086228E  Intel(R) Serial IO SPI Controller
8086228E  Intel(R) Serial IO SPI Controller
8086228E  Intel(R) Serial IO SPI Controller
8086228A  Intel(R) Serial IO UART Controller
8086228A  Intel(R) Serial IO UART Controller
PNP0C0D  Lid
ACPI0003  Microsoft AC Adapter
UEFI  Microsoft UEFI-Compliant System
PNP0C0C  Power Button
PNP0000  Programmable Interrupt Controller
10EC3270  Realtek I2S Audio Codec
PNP0B00  Real-Time Clock
PNP0C0E  Sleep Button
PNP0100  System Timer
PNP0C02  Thermal Monitoring ACPI Device
PNP0C02  Thermal Monitoring ACPI Device
PNP0C02  Thermal Monitoring ACPI Device
PNP0C02  Thermal Monitoring ACPI Device
MSFT0101  Trusted Platform Module 2.0
 
USB Devices:
05E3 0610  Generic USB Hub
0B05 1807  USB Composite Device
0458 003A  USB Input Device
0B05 1807  USB Input Device
0B05 1807  USB Input Device
0B05 1807  USB Input Device
 
Ports:
COM1  Communications Port (COM1)


PCI Devices

 
[ Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU) ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
Bus Type  PCI
Bus / Device / Function  0 / 2 / 0
Device ID  8086-22B0
Subsystem ID  1043-1BDD
Device Class  0300 (VGA Display Controller)
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled
 
Video Adapter Manufacturer:
Company Name  Intel Corporation
Product Information  http://www.intel.com/products/chipsets
Driver Download  http://support.intel.com/support/graphics
Driver Update  http://www.aida64.com/driver-updates
 
[ Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
Bus Type  PCI
Bus / Device / Function  0 / 31 / 0
Device ID  8086-229C
Subsystem ID  1043-1BDD
Device Class  0601 (PCI/ISA Bridge)
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled
 
[ Intel Cherry Trail / Braswell SoC - P-Unit ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - P-Unit
Bus Type  PCI
Bus / Device / Function  0 / 11 / 0
Device ID  8086-22DC
Subsystem ID  1043-1BDD
Device Class  1180 (Data Acquisition / Signal Processing Controller)
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled
 
[ Intel Cherry Trail / Braswell SoC - Transaction Router ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - Transaction Router
Bus Type  PCI
Bus / Device / Function  0 / 0 / 0
Device ID  8086-2280
Subsystem ID  1043-1BDD
Device Class  0600 (Host/PCI Bridge)
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled
 
[ Intel Cherry Trail / Braswell SoC - Trusted Execution Engine ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
Bus Type  PCI
Bus / Device / Function  0 / 26 / 0
Device ID  8086-2298
Subsystem ID  1043-1BDD
Device Class  1080 (En/decryption Controller)
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Disabled
 
[ Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller ]
 
Device Properties:
Device Description  Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
Bus Type  PCI
Bus / Device / Function  0 / 20 / 0
Device ID  8086-22B5
Subsystem ID  1043-1BDD
Device Class  0C03 (USB Controller)
Revision  20
Fast Back-to-Back Transactions  Supported, Disabled
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled
 
[ Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB] ]
 
Device Properties:
Device Description  Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
Bus Type  PCI
Bus / Device / Function  0 / 10 / 0
Device ID  8086-22D8
Subsystem ID  1043-1BDD
Revision  20
Fast Back-to-Back Transactions  Not Supported
 
Device Features:
66 MHz Operation  Not Supported
Bus Mastering  Enabled


USB Devices

 
[ Generic USB Hub (USB2.0 Hub) ]
 
Device Properties:
Device Description  Generic USB Hub
Device ID  05E3-0610
Device Class  09 / 00 (Hi-Speed Hub with multiple TTs)
Device Protocol  02
Product  USB2.0 Hub
Supported USB Version  2.00
Current Speed  High (USB 2.0)
 
[ USB Input Device (Optical Mouse) ]
 
Device Properties:
Device Description  USB Input Device
Device ID  0458-003A
Device Class  03 / 01 (Human Interface Device)
Device Protocol  02
Manufacturer  Genius
Product  Optical Mouse
Supported USB Version  1.10
Current Speed  Low (USB 1.1)
 
[ USB Composite Device ]
 
Device Properties:
Device Description  USB Composite Device
Device ID  0B05-1807
Device Class  03 / 01 (Human Interface Device)
Device Protocol  01
Supported USB Version  2.00
Current Speed  Full (USB 1.1)


Device Resources

 
Resource  Share  Device Description
DMA 00  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 00  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 00  Exclusive  Intel(R) Serial IO SPI Controller
DMA 01  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 01  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 01  Exclusive  Intel(R) Serial IO SPI Controller
DMA 02  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 02  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 02  Exclusive  Intel(R) Serial IO UART Controller
DMA 03  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 03  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 03  Exclusive  Intel(R) Serial IO UART Controller
DMA 04  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 04  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 04  Exclusive  Intel(R) Serial IO UART Controller
DMA 05  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 05  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 05  Exclusive  Intel(R) Serial IO UART Controller
DMA 06  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 06  Exclusive  Intel(R) Serial IO SPI Controller
DMA 07  Exclusive  Intel(R) Serial IO I2C ES Controller
DMA 07  Exclusive  Intel(R) Serial IO SPI Controller
DMA 08  Exclusive  Intel(R) Serial IO SPI Controller
DMA 09  Exclusive  Intel(R) Serial IO SPI Controller
IRQ 04  Exclusive  Communications Port (COM1)
IRQ 100  Exclusive  Microsoft ACPI-Compliant System
IRQ 101  Exclusive  Microsoft ACPI-Compliant System
IRQ 102  Exclusive  Microsoft ACPI-Compliant System
IRQ 1024  Exclusive  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1025  Exclusive  Intel SST Audio Device (WDM)
IRQ 1028  Exclusive  Broadcom Serial Bus Driver over UART Bus Enumerator
IRQ 1029  Exclusive  Realtek I2S Audio Codec
IRQ 103  Exclusive  Microsoft ACPI-Compliant System
IRQ 1030  Shared  Intel(R) Power Management IC Device
IRQ 1031  Exclusive  HID Button over Interrupt Driver
IRQ 1032  Exclusive  HID Button over Interrupt Driver
IRQ 1033  Exclusive  HID Button over Interrupt Driver
IRQ 1034  Exclusive  HID Button over Interrupt Driver
IRQ 1035  Exclusive  HID Button over Interrupt Driver
IRQ 1036  Exclusive  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1037  Exclusive  Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1038  Shared  Intel SD Host Controller
IRQ 1039  Shared  I2C HID Device
IRQ 104  Exclusive  Microsoft ACPI-Compliant System
IRQ 1040  Exclusive  Broadcom 802.11abgn Wireless SDIO Adapter
IRQ 105  Exclusive  Microsoft ACPI-Compliant System
IRQ 106  Exclusive  Microsoft ACPI-Compliant System
IRQ 107  Exclusive  Microsoft ACPI-Compliant System
IRQ 108  Exclusive  Microsoft ACPI-Compliant System
IRQ 108  Shared  Intel Serial IO GPIO Controller
IRQ 109  Exclusive  Microsoft ACPI-Compliant System
IRQ 110  Exclusive  Microsoft ACPI-Compliant System
IRQ 111  Exclusive  Microsoft ACPI-Compliant System
IRQ 112  Exclusive  Microsoft ACPI-Compliant System
IRQ 113  Exclusive  Microsoft ACPI-Compliant System
IRQ 114  Exclusive  Microsoft ACPI-Compliant System
IRQ 115  Exclusive  Microsoft ACPI-Compliant System
IRQ 116  Exclusive  Microsoft ACPI-Compliant System
IRQ 117  Exclusive  Microsoft ACPI-Compliant System
IRQ 118  Exclusive  Microsoft ACPI-Compliant System
IRQ 119  Exclusive  Microsoft ACPI-Compliant System
IRQ 120  Exclusive  Microsoft ACPI-Compliant System
IRQ 121  Exclusive  Microsoft ACPI-Compliant System
IRQ 122  Exclusive  Microsoft ACPI-Compliant System
IRQ 123  Exclusive  Microsoft ACPI-Compliant System
IRQ 124  Exclusive  Microsoft ACPI-Compliant System
IRQ 125  Exclusive  Microsoft ACPI-Compliant System
IRQ 126  Exclusive  Microsoft ACPI-Compliant System
IRQ 127  Exclusive  Microsoft ACPI-Compliant System
IRQ 128  Exclusive  Microsoft ACPI-Compliant System
IRQ 129  Exclusive  Microsoft ACPI-Compliant System
IRQ 130  Exclusive  Microsoft ACPI-Compliant System
IRQ 131  Exclusive  Microsoft ACPI-Compliant System
IRQ 132  Exclusive  Microsoft ACPI-Compliant System
IRQ 133  Exclusive  Microsoft ACPI-Compliant System
IRQ 134  Exclusive  Microsoft ACPI-Compliant System
IRQ 135  Exclusive  Microsoft ACPI-Compliant System
IRQ 136  Exclusive  Microsoft ACPI-Compliant System
IRQ 137  Exclusive  Microsoft ACPI-Compliant System
IRQ 138  Exclusive  Microsoft ACPI-Compliant System
IRQ 139  Exclusive  Microsoft ACPI-Compliant System
IRQ 140  Exclusive  Microsoft ACPI-Compliant System
IRQ 141  Exclusive  Microsoft ACPI-Compliant System
IRQ 142  Exclusive  Microsoft ACPI-Compliant System
IRQ 143  Exclusive  Microsoft ACPI-Compliant System
IRQ 144  Exclusive  Microsoft ACPI-Compliant System
IRQ 145  Exclusive  Microsoft ACPI-Compliant System
IRQ 146  Exclusive  Microsoft ACPI-Compliant System
IRQ 147  Exclusive  Microsoft ACPI-Compliant System
IRQ 148  Exclusive  Microsoft ACPI-Compliant System
IRQ 149  Exclusive  Microsoft ACPI-Compliant System
IRQ 150  Exclusive  Microsoft ACPI-Compliant System
IRQ 151  Exclusive  Microsoft ACPI-Compliant System
IRQ 152  Exclusive  Microsoft ACPI-Compliant System
IRQ 153  Exclusive  Microsoft ACPI-Compliant System
IRQ 154  Exclusive  Microsoft ACPI-Compliant System
IRQ 155  Exclusive  Microsoft ACPI-Compliant System
IRQ 156  Exclusive  Microsoft ACPI-Compliant System
IRQ 157  Exclusive  Microsoft ACPI-Compliant System
IRQ 158  Exclusive  Microsoft ACPI-Compliant System
IRQ 159  Exclusive  Microsoft ACPI-Compliant System
IRQ 160  Exclusive  Microsoft ACPI-Compliant System
IRQ 161  Exclusive  Microsoft ACPI-Compliant System
IRQ 162  Exclusive  Microsoft ACPI-Compliant System
IRQ 163  Exclusive  Microsoft ACPI-Compliant System
IRQ 164  Exclusive  Microsoft ACPI-Compliant System
IRQ 165  Exclusive  Microsoft ACPI-Compliant System
IRQ 166  Exclusive  Microsoft ACPI-Compliant System
IRQ 167  Exclusive  Microsoft ACPI-Compliant System
IRQ 168  Exclusive  Microsoft ACPI-Compliant System
IRQ 169  Exclusive  Microsoft ACPI-Compliant System
IRQ 170  Exclusive  Microsoft ACPI-Compliant System
IRQ 171  Exclusive  Microsoft ACPI-Compliant System
IRQ 172  Exclusive  Microsoft ACPI-Compliant System
IRQ 173  Exclusive  Microsoft ACPI-Compliant System
IRQ 174  Exclusive  Microsoft ACPI-Compliant System
IRQ 175  Exclusive  Microsoft ACPI-Compliant System
IRQ 176  Exclusive  Microsoft ACPI-Compliant System
IRQ 177  Exclusive  Microsoft ACPI-Compliant System
IRQ 178  Exclusive  Microsoft ACPI-Compliant System
IRQ 179  Exclusive  Microsoft ACPI-Compliant System
IRQ 180  Exclusive  Microsoft ACPI-Compliant System
IRQ 181  Exclusive  Microsoft ACPI-Compliant System
IRQ 182  Exclusive  Microsoft ACPI-Compliant System
IRQ 183  Exclusive  Microsoft ACPI-Compliant System
IRQ 184  Exclusive  Microsoft ACPI-Compliant System
IRQ 185  Exclusive  Microsoft ACPI-Compliant System
IRQ -1853816794  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ -1853816798  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ -1853816800  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ 186  Exclusive  Microsoft ACPI-Compliant System
IRQ 187  Exclusive  Microsoft ACPI-Compliant System
IRQ 188  Exclusive  Microsoft ACPI-Compliant System
IRQ 189  Exclusive  Microsoft ACPI-Compliant System
IRQ 190  Exclusive  Microsoft ACPI-Compliant System
IRQ 191  Exclusive  Microsoft ACPI-Compliant System
IRQ 192  Exclusive  Microsoft ACPI-Compliant System
IRQ 193  Exclusive  Microsoft ACPI-Compliant System
IRQ 194  Exclusive  Microsoft ACPI-Compliant System
IRQ 195  Exclusive  Microsoft ACPI-Compliant System
IRQ 196  Exclusive  Microsoft ACPI-Compliant System
IRQ 197  Exclusive  Microsoft ACPI-Compliant System
IRQ 198  Exclusive  Microsoft ACPI-Compliant System
IRQ 199  Exclusive  Microsoft ACPI-Compliant System
IRQ 20  Shared  Intel(R) Integrated Sensor Solution
IRQ 200  Exclusive  Microsoft ACPI-Compliant System
IRQ 201  Exclusive  Microsoft ACPI-Compliant System
IRQ 202  Exclusive  Microsoft ACPI-Compliant System
IRQ 203  Exclusive  Microsoft ACPI-Compliant System
IRQ 204  Exclusive  Microsoft ACPI-Compliant System
IRQ 24  Exclusive  Intel SST Audio Device (WDM)
IRQ 25  Exclusive  Intel SST Audio Device (WDM)
IRQ 256  Exclusive  Microsoft ACPI-Compliant System
IRQ 257  Exclusive  Microsoft ACPI-Compliant System
IRQ 258  Exclusive  Microsoft ACPI-Compliant System
IRQ 259  Exclusive  Microsoft ACPI-Compliant System
IRQ 26  Exclusive  Intel SST Audio Device (WDM)
IRQ 260  Exclusive  Microsoft ACPI-Compliant System
IRQ 261  Exclusive  Microsoft ACPI-Compliant System
IRQ 262  Exclusive  Microsoft ACPI-Compliant System
IRQ 263  Exclusive  Microsoft ACPI-Compliant System
IRQ 264  Exclusive  Microsoft ACPI-Compliant System
IRQ 265  Exclusive  Microsoft ACPI-Compliant System
IRQ 266  Exclusive  Microsoft ACPI-Compliant System
IRQ 267  Exclusive  Microsoft ACPI-Compliant System
IRQ 268  Exclusive  Microsoft ACPI-Compliant System
IRQ 269  Exclusive  Microsoft ACPI-Compliant System
IRQ 27  Exclusive  Intel SST Audio Device (WDM)
IRQ 270  Exclusive  Microsoft ACPI-Compliant System
IRQ 271  Exclusive  Microsoft ACPI-Compliant System
IRQ 272  Exclusive  Microsoft ACPI-Compliant System
IRQ 273  Exclusive  Microsoft ACPI-Compliant System
IRQ 274  Exclusive  Microsoft ACPI-Compliant System
IRQ 275  Exclusive  Microsoft ACPI-Compliant System
IRQ 276  Exclusive  Microsoft ACPI-Compliant System
IRQ 277  Exclusive  Microsoft ACPI-Compliant System
IRQ 278  Exclusive  Microsoft ACPI-Compliant System
IRQ 279  Exclusive  Microsoft ACPI-Compliant System
IRQ 28  Exclusive  Intel SST Audio Device (WDM)
IRQ 280  Exclusive  Microsoft ACPI-Compliant System
IRQ 281  Exclusive  Microsoft ACPI-Compliant System
IRQ 282  Exclusive  Microsoft ACPI-Compliant System
IRQ 283  Exclusive  Microsoft ACPI-Compliant System
IRQ 284  Exclusive  Microsoft ACPI-Compliant System
IRQ 285  Exclusive  Microsoft ACPI-Compliant System
IRQ 286  Exclusive  Microsoft ACPI-Compliant System
IRQ 287  Exclusive  Microsoft ACPI-Compliant System
IRQ 288  Exclusive  Microsoft ACPI-Compliant System
IRQ 289  Exclusive  Microsoft ACPI-Compliant System
IRQ 29  Exclusive  Intel SST Audio Device (WDM)
IRQ 290  Exclusive  Microsoft ACPI-Compliant System
IRQ 291  Exclusive  Microsoft ACPI-Compliant System
IRQ 292  Exclusive  Microsoft ACPI-Compliant System
IRQ 293  Exclusive  Microsoft ACPI-Compliant System
IRQ 294  Exclusive  Microsoft ACPI-Compliant System
IRQ 295  Exclusive  Microsoft ACPI-Compliant System
IRQ 296  Exclusive  Microsoft ACPI-Compliant System
IRQ 297  Exclusive  Microsoft ACPI-Compliant System
IRQ 298  Exclusive  Microsoft ACPI-Compliant System
IRQ 299  Exclusive  Microsoft ACPI-Compliant System
IRQ 300  Exclusive  Microsoft ACPI-Compliant System
IRQ 301  Exclusive  Microsoft ACPI-Compliant System
IRQ 302  Exclusive  Microsoft ACPI-Compliant System
IRQ 303  Exclusive  Microsoft ACPI-Compliant System
IRQ 304  Exclusive  Microsoft ACPI-Compliant System
IRQ 305  Exclusive  Microsoft ACPI-Compliant System
IRQ 306  Exclusive  Microsoft ACPI-Compliant System
IRQ 307  Exclusive  Microsoft ACPI-Compliant System
IRQ 308  Exclusive  Microsoft ACPI-Compliant System
IRQ 309  Exclusive  Microsoft ACPI-Compliant System
IRQ 310  Exclusive  Microsoft ACPI-Compliant System
IRQ 311  Exclusive  Microsoft ACPI-Compliant System
IRQ 312  Exclusive  Microsoft ACPI-Compliant System
IRQ 313  Exclusive  Microsoft ACPI-Compliant System
IRQ 314  Exclusive  Microsoft ACPI-Compliant System
IRQ 315  Exclusive  Microsoft ACPI-Compliant System
IRQ 316  Exclusive  Microsoft ACPI-Compliant System
IRQ 317  Exclusive  Microsoft ACPI-Compliant System
IRQ 318  Exclusive  Microsoft ACPI-Compliant System
IRQ 319  Exclusive  Microsoft ACPI-Compliant System
IRQ 320  Exclusive  Microsoft ACPI-Compliant System
IRQ 321  Exclusive  Microsoft ACPI-Compliant System
IRQ 322  Exclusive  Microsoft ACPI-Compliant System
IRQ 323  Exclusive  Microsoft ACPI-Compliant System
IRQ 324  Exclusive  Microsoft ACPI-Compliant System
IRQ 325  Exclusive  Microsoft ACPI-Compliant System
IRQ 326  Exclusive  Microsoft ACPI-Compliant System
IRQ 327  Exclusive  Microsoft ACPI-Compliant System
IRQ 328  Exclusive  Microsoft ACPI-Compliant System
IRQ 329  Exclusive  Microsoft ACPI-Compliant System
IRQ 330  Exclusive  Microsoft ACPI-Compliant System
IRQ 331  Exclusive  Microsoft ACPI-Compliant System
IRQ 332  Exclusive  Microsoft ACPI-Compliant System
IRQ 333  Exclusive  Microsoft ACPI-Compliant System
IRQ 334  Exclusive  Microsoft ACPI-Compliant System
IRQ 335  Exclusive  Microsoft ACPI-Compliant System
IRQ 336  Exclusive  Microsoft ACPI-Compliant System
IRQ 337  Exclusive  Microsoft ACPI-Compliant System
IRQ 338  Exclusive  Microsoft ACPI-Compliant System
IRQ 339  Exclusive  Microsoft ACPI-Compliant System
IRQ 340  Exclusive  Microsoft ACPI-Compliant System
IRQ 341  Exclusive  Microsoft ACPI-Compliant System
IRQ 342  Exclusive  Microsoft ACPI-Compliant System
IRQ 343  Exclusive  Microsoft ACPI-Compliant System
IRQ 344  Exclusive  Microsoft ACPI-Compliant System
IRQ 345  Exclusive  Microsoft ACPI-Compliant System
IRQ 346  Exclusive  Microsoft ACPI-Compliant System
IRQ 347  Exclusive  Microsoft ACPI-Compliant System
IRQ 348  Exclusive  Microsoft ACPI-Compliant System
IRQ 349  Exclusive  Microsoft ACPI-Compliant System
IRQ 350  Exclusive  Microsoft ACPI-Compliant System
IRQ 351  Exclusive  Microsoft ACPI-Compliant System
IRQ 352  Exclusive  Microsoft ACPI-Compliant System
IRQ 353  Exclusive  Microsoft ACPI-Compliant System
IRQ 354  Exclusive  Microsoft ACPI-Compliant System
IRQ 355  Exclusive  Microsoft ACPI-Compliant System
IRQ 356  Exclusive  Microsoft ACPI-Compliant System
IRQ 357  Exclusive  Microsoft ACPI-Compliant System
IRQ 358  Exclusive  Microsoft ACPI-Compliant System
IRQ 359  Exclusive  Microsoft ACPI-Compliant System
IRQ 360  Exclusive  Microsoft ACPI-Compliant System
IRQ 361  Exclusive  Microsoft ACPI-Compliant System
IRQ 362  Exclusive  Microsoft ACPI-Compliant System
IRQ 363  Exclusive  Microsoft ACPI-Compliant System
IRQ 364  Exclusive  Microsoft ACPI-Compliant System
IRQ 365  Exclusive  Microsoft ACPI-Compliant System
IRQ 366  Exclusive  Microsoft ACPI-Compliant System
IRQ 367  Exclusive  Microsoft ACPI-Compliant System
IRQ 368  Exclusive  Microsoft ACPI-Compliant System
IRQ 369  Exclusive  Microsoft ACPI-Compliant System
IRQ 37  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ 370  Exclusive  Microsoft ACPI-Compliant System
IRQ 371  Exclusive  Microsoft ACPI-Compliant System
IRQ 372  Exclusive  Microsoft ACPI-Compliant System
IRQ 373  Exclusive  Microsoft ACPI-Compliant System
IRQ 374  Exclusive  Microsoft ACPI-Compliant System
IRQ 375  Exclusive  Microsoft ACPI-Compliant System
IRQ 376  Exclusive  Microsoft ACPI-Compliant System
IRQ 377  Exclusive  Microsoft ACPI-Compliant System
IRQ 378  Exclusive  Microsoft ACPI-Compliant System
IRQ 379  Exclusive  Microsoft ACPI-Compliant System
IRQ 380  Exclusive  Microsoft ACPI-Compliant System
IRQ 381  Exclusive  Microsoft ACPI-Compliant System
IRQ 382  Exclusive  Microsoft ACPI-Compliant System
IRQ 383  Exclusive  Microsoft ACPI-Compliant System
IRQ 384  Exclusive  Microsoft ACPI-Compliant System
IRQ 385  Exclusive  Microsoft ACPI-Compliant System
IRQ 386  Exclusive  Microsoft ACPI-Compliant System
IRQ 387  Exclusive  Microsoft ACPI-Compliant System
IRQ 388  Exclusive  Microsoft ACPI-Compliant System
IRQ 389  Exclusive  Microsoft ACPI-Compliant System
IRQ 39  Exclusive  Intel(R) Serial IO UART Controller
IRQ 390  Exclusive  Microsoft ACPI-Compliant System
IRQ 391  Exclusive  Microsoft ACPI-Compliant System
IRQ 392  Exclusive  Microsoft ACPI-Compliant System
IRQ 393  Exclusive  Microsoft ACPI-Compliant System
IRQ 394  Exclusive  Microsoft ACPI-Compliant System
IRQ 395  Exclusive  Microsoft ACPI-Compliant System
IRQ 396  Exclusive  Microsoft ACPI-Compliant System
IRQ 397  Exclusive  Microsoft ACPI-Compliant System
IRQ 398  Exclusive  Microsoft ACPI-Compliant System
IRQ 399  Exclusive  Microsoft ACPI-Compliant System
IRQ 40  Exclusive  Intel(R) Serial IO UART Controller
IRQ 400  Exclusive  Microsoft ACPI-Compliant System
IRQ 401  Exclusive  Microsoft ACPI-Compliant System
IRQ 402  Exclusive  Microsoft ACPI-Compliant System
IRQ 403  Exclusive  Microsoft ACPI-Compliant System
IRQ 404  Exclusive  Microsoft ACPI-Compliant System
IRQ 405  Exclusive  Microsoft ACPI-Compliant System
IRQ 406  Exclusive  Microsoft ACPI-Compliant System
IRQ 407  Exclusive  Microsoft ACPI-Compliant System
IRQ 408  Exclusive  Microsoft ACPI-Compliant System
IRQ 409  Exclusive  Microsoft ACPI-Compliant System
IRQ 41  Exclusive  Intel(R) Serial IO SPI Controller
IRQ 410  Exclusive  Microsoft ACPI-Compliant System
IRQ 411  Exclusive  Microsoft ACPI-Compliant System
IRQ 412  Exclusive  Microsoft ACPI-Compliant System
IRQ 413  Exclusive  Microsoft ACPI-Compliant System
IRQ 414  Exclusive  Microsoft ACPI-Compliant System
IRQ 415  Exclusive  Microsoft ACPI-Compliant System
IRQ 416  Exclusive  Microsoft ACPI-Compliant System
IRQ 417  Exclusive  Microsoft ACPI-Compliant System
IRQ 418  Exclusive  Microsoft ACPI-Compliant System
IRQ 419  Exclusive  Microsoft ACPI-Compliant System
IRQ 420  Exclusive  Microsoft ACPI-Compliant System
IRQ 421  Exclusive  Microsoft ACPI-Compliant System
IRQ 422  Exclusive  Microsoft ACPI-Compliant System
IRQ 423  Exclusive  Microsoft ACPI-Compliant System
IRQ 424  Exclusive  Microsoft ACPI-Compliant System
IRQ 425  Exclusive  Microsoft ACPI-Compliant System
IRQ 426  Exclusive  Microsoft ACPI-Compliant System
IRQ 427  Exclusive  Microsoft ACPI-Compliant System
IRQ 428  Exclusive  Microsoft ACPI-Compliant System
IRQ 429  Exclusive  Microsoft ACPI-Compliant System
IRQ 430  Exclusive  Microsoft ACPI-Compliant System
IRQ 431  Exclusive  Microsoft ACPI-Compliant System
IRQ 432  Exclusive  Microsoft ACPI-Compliant System
IRQ 433  Exclusive  Microsoft ACPI-Compliant System
IRQ 434  Exclusive  Microsoft ACPI-Compliant System
IRQ 435  Exclusive  Microsoft ACPI-Compliant System
IRQ 436  Exclusive  Microsoft ACPI-Compliant System
IRQ 437  Exclusive  Microsoft ACPI-Compliant System
IRQ 438  Exclusive  Microsoft ACPI-Compliant System
IRQ 439  Exclusive  Microsoft ACPI-Compliant System
IRQ 440  Exclusive  Microsoft ACPI-Compliant System
IRQ 441  Exclusive  Microsoft ACPI-Compliant System
IRQ 442  Exclusive  Microsoft ACPI-Compliant System
IRQ 443  Exclusive  Microsoft ACPI-Compliant System
IRQ 444  Exclusive  Microsoft ACPI-Compliant System
IRQ 445  Exclusive  Microsoft ACPI-Compliant System
IRQ 4456481  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ 4456484  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ 446  Exclusive  Microsoft ACPI-Compliant System
IRQ 447  Exclusive  Microsoft ACPI-Compliant System
IRQ 448  Exclusive  Microsoft ACPI-Compliant System
IRQ 449  Exclusive  Microsoft ACPI-Compliant System
IRQ 45  Exclusive  Intel SD Host Controller
IRQ 450  Exclusive  Microsoft ACPI-Compliant System
IRQ 451  Exclusive  Microsoft ACPI-Compliant System
IRQ 452  Exclusive  Microsoft ACPI-Compliant System
IRQ 453  Exclusive  Microsoft ACPI-Compliant System
IRQ 454  Exclusive  Microsoft ACPI-Compliant System
IRQ 455  Exclusive  Microsoft ACPI-Compliant System
IRQ 456  Exclusive  Microsoft ACPI-Compliant System
IRQ 457  Exclusive  Microsoft ACPI-Compliant System
IRQ 458  Exclusive  Microsoft ACPI-Compliant System
IRQ 459  Exclusive  Microsoft ACPI-Compliant System
IRQ 46  Exclusive  Intel SD Host Controller
IRQ 460  Exclusive  Microsoft ACPI-Compliant System
IRQ 461  Exclusive  Microsoft ACPI-Compliant System
IRQ 462  Exclusive  Microsoft ACPI-Compliant System
IRQ 463  Exclusive  Microsoft ACPI-Compliant System
IRQ 464  Exclusive  Microsoft ACPI-Compliant System
IRQ 465  Exclusive  Microsoft ACPI-Compliant System
IRQ 466  Exclusive  Microsoft ACPI-Compliant System
IRQ 467  Exclusive  Microsoft ACPI-Compliant System
IRQ 468  Exclusive  Microsoft ACPI-Compliant System
IRQ 469  Exclusive  Microsoft ACPI-Compliant System
IRQ 47  Exclusive  Intel SD Host Controller
IRQ 470  Exclusive  Microsoft ACPI-Compliant System
IRQ 471  Exclusive  Microsoft ACPI-Compliant System
IRQ 472  Exclusive  Microsoft ACPI-Compliant System
IRQ 473  Exclusive  Microsoft ACPI-Compliant System
IRQ 474  Exclusive  Microsoft ACPI-Compliant System
IRQ 475  Exclusive  Microsoft ACPI-Compliant System
IRQ 476  Exclusive  Microsoft ACPI-Compliant System
IRQ 477  Exclusive  Microsoft ACPI-Compliant System
IRQ 478  Exclusive  Microsoft ACPI-Compliant System
IRQ 479  Exclusive  Microsoft ACPI-Compliant System
IRQ 48  Shared  Intel Serial IO GPIO Controller
IRQ 480  Exclusive  Microsoft ACPI-Compliant System
IRQ 481  Exclusive  Microsoft ACPI-Compliant System
IRQ 482  Exclusive  Microsoft ACPI-Compliant System
IRQ 483  Exclusive  Microsoft ACPI-Compliant System
IRQ 484  Exclusive  Microsoft ACPI-Compliant System
IRQ 485  Exclusive  Microsoft ACPI-Compliant System
IRQ 486  Exclusive  Microsoft ACPI-Compliant System
IRQ 487  Exclusive  Microsoft ACPI-Compliant System
IRQ 488  Exclusive  Microsoft ACPI-Compliant System
IRQ 489  Exclusive  Microsoft ACPI-Compliant System
IRQ 49  Shared  Intel Serial IO GPIO Controller
IRQ 490  Exclusive  Microsoft ACPI-Compliant System
IRQ 491  Exclusive  Microsoft ACPI-Compliant System
IRQ 492  Exclusive  Microsoft ACPI-Compliant System
IRQ 493  Exclusive  Microsoft ACPI-Compliant System
IRQ 494  Exclusive  Microsoft ACPI-Compliant System
IRQ 495  Exclusive  Microsoft ACPI-Compliant System
IRQ 496  Exclusive  Microsoft ACPI-Compliant System
IRQ 497  Exclusive  Microsoft ACPI-Compliant System
IRQ 498  Exclusive  Microsoft ACPI-Compliant System
IRQ 499  Exclusive  Microsoft ACPI-Compliant System
IRQ 50  Shared  Intel Serial IO GPIO Controller
IRQ 500  Exclusive  Microsoft ACPI-Compliant System
IRQ 501  Exclusive  Microsoft ACPI-Compliant System
IRQ 502  Exclusive  Microsoft ACPI-Compliant System
IRQ 503  Exclusive  Microsoft ACPI-Compliant System
IRQ 504  Exclusive  Microsoft ACPI-Compliant System
IRQ 505  Exclusive  Microsoft ACPI-Compliant System
IRQ 506  Exclusive  Microsoft ACPI-Compliant System
IRQ 507  Exclusive  Microsoft ACPI-Compliant System
IRQ 508  Exclusive  Microsoft ACPI-Compliant System
IRQ 509  Exclusive  Microsoft ACPI-Compliant System
IRQ 510  Exclusive  Microsoft ACPI-Compliant System
IRQ 511  Exclusive  Microsoft ACPI-Compliant System
IRQ 54  Exclusive  Microsoft ACPI-Compliant System
IRQ 55  Exclusive  Microsoft ACPI-Compliant System
IRQ 56  Exclusive  Microsoft ACPI-Compliant System
IRQ 57  Exclusive  Microsoft ACPI-Compliant System
IRQ 58  Exclusive  Microsoft ACPI-Compliant System
IRQ 59  Exclusive  Microsoft ACPI-Compliant System
IRQ 60  Exclusive  Microsoft ACPI-Compliant System
IRQ 61  Exclusive  Microsoft ACPI-Compliant System
IRQ 62  Exclusive  Microsoft ACPI-Compliant System
IRQ 63  Exclusive  Microsoft ACPI-Compliant System
IRQ 64  Exclusive  Microsoft ACPI-Compliant System
IRQ 65  Exclusive  Microsoft ACPI-Compliant System
IRQ 65536  Exclusive  Intel(R) HD Graphics
IRQ 65536  Exclusive  Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
IRQ 65536  Exclusive  Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
IRQ 65536  Exclusive  Intel(R) Imaging Signal Processor 2401
IRQ 65536  Exclusive  Intel(R) Trusted Execution Engine Interface
IRQ 66  Exclusive  Microsoft ACPI-Compliant System
IRQ 67  Exclusive  Microsoft ACPI-Compliant System
IRQ 68  Exclusive  Microsoft ACPI-Compliant System
IRQ 69  Exclusive  Microsoft ACPI-Compliant System
IRQ 70  Exclusive  Microsoft ACPI-Compliant System
IRQ 71  Exclusive  Microsoft ACPI-Compliant System
IRQ 72  Exclusive  Microsoft ACPI-Compliant System
IRQ 7274531  Exclusive  Intel(R) Serial IO I2C ES Controller
IRQ 73  Exclusive  Microsoft ACPI-Compliant System
IRQ 74  Exclusive  Microsoft ACPI-Compliant System
IRQ 75  Exclusive  Microsoft ACPI-Compliant System
IRQ 76  Exclusive  Microsoft ACPI-Compliant System
IRQ 77  Exclusive  Microsoft ACPI-Compliant System
IRQ 78  Exclusive  Microsoft ACPI-Compliant System
IRQ 79  Exclusive  Microsoft ACPI-Compliant System
IRQ 80  Exclusive  Microsoft ACPI-Compliant System
IRQ 81  Exclusive  Microsoft ACPI-Compliant System
IRQ 82  Exclusive  Microsoft ACPI-Compliant System
IRQ 83  Exclusive  Microsoft ACPI-Compliant System
IRQ 84  Exclusive  Microsoft ACPI-Compliant System
IRQ 85  Exclusive  Microsoft ACPI-Compliant System
IRQ 86  Exclusive  Microsoft ACPI-Compliant System
IRQ 87  Exclusive  Microsoft ACPI-Compliant System
IRQ 88  Exclusive  Microsoft ACPI-Compliant System
IRQ 89  Exclusive  Intel(R) Serial IO SPI Controller
IRQ 89  Exclusive  Microsoft ACPI-Compliant System
IRQ 90  Exclusive  Intel(R) Serial IO SPI Controller
IRQ 90  Exclusive  Microsoft ACPI-Compliant System
IRQ 91  Exclusive  Microsoft ACPI-Compliant System
IRQ 91  Shared  Intel Serial IO GPIO Controller
IRQ 92  Exclusive  Microsoft ACPI-Compliant System
IRQ 93  Exclusive  Microsoft ACPI-Compliant System
IRQ 94  Exclusive  Microsoft ACPI-Compliant System
IRQ 95  Exclusive  Microsoft ACPI-Compliant System
IRQ 96  Exclusive  Microsoft ACPI-Compliant System
IRQ 97  Exclusive  Microsoft ACPI-Compliant System
IRQ 98  Exclusive  Microsoft ACPI-Compliant System
IRQ 99  Exclusive  Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF  Shared  PCI Express Root Complex
Memory 000C0000-000DFFFF  Shared  PCI Express Root Complex
Memory 000E0000-000FFFFF  Shared  PCI Express Root Complex
Memory 20000000-201FFFFF  Exclusive  Intel SST Audio Device (WDM)
Memory 20000000-201FFFFF  Shared  PCI Express Root Complex
Memory 7CC00001-7EC00000  Shared  PCI Express Root Complex
Memory 7FF00000-7FF00FFF  Exclusive  Trusted Platform Module 2.0
Memory 80000000-8FFFFFFF  Exclusive  Intel(R) HD Graphics
Memory 80000000-DFFFFFFF  Shared  PCI Express Root Complex
Memory 90000000-90FFFFFF  Exclusive  Intel(R) HD Graphics
Memory 91400000-915FFFFF  Exclusive  Intel SST Audio Device (WDM)
Memory 91600000-916FFFFF  Exclusive  Intel(R) Trusted Execution Engine Interface
Memory 91700000-917FFFFF  Exclusive  Intel(R) Trusted Execution Engine Interface
Memory 91800000-9180FFFF  Exclusive  Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Memory 91819000-91819FFF  Exclusive  Intel(R) Serial IO SPI Controller
Memory 9181B000-9181BFFF  Exclusive  Intel(R) Serial IO SPI Controller
Memory 9181D000-9181DFFF  Exclusive  Intel(R) Serial IO SPI Controller
Memory 9181F000-9181FFFF  Exclusive  Intel(R) Serial IO UART Controller
Memory 91821000-91821FFF  Exclusive  Intel(R) Serial IO UART Controller
Memory 91824000-91824FFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 91826000-91826FFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 91828000-91828FFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 9182A000-9182AFFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 9182C000-9182CFFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 9182E000-9182EFFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 91830000-91830FFF  Exclusive  Intel(R) Serial IO I2C ES Controller
Memory 91832000-91832FFF  Exclusive  Intel SST Audio Device (WDM)
Memory 91834000-91834FFF  Exclusive  Intel SD Host Controller
Memory 91836000-91836FFF  Exclusive  Intel SD Host Controller
Memory 91838000-91838FFF  Exclusive  Intel SD Host Controller
Memory DFBFE000-DFBFEFFF  Exclusive  Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
Memory DFBFF000-DFBFFFFF  Exclusive  Intel(R) Integrated Sensor Solution
Memory DFC00000-DFFFFFFF  Exclusive  Intel(R) Imaging Signal Processor 2401
Memory E00000D0-E00000DF  Exclusive  Intel(R) Sideband Fabric Device
Memory FED80000-FED87FFF  Exclusive  Intel Serial IO GPIO Controller
Memory FED88000-FED8FFFF  Exclusive  Intel Serial IO GPIO Controller
Memory FED90000-FED97FFF  Exclusive  Intel Serial IO GPIO Controller
Memory FED98000-FED9FFFF  Exclusive  Intel Serial IO GPIO Controller
Memory FEDA0000-FEDA7FFF  Exclusive  Intel Serial IO GPIO Controller
Port 0000-006F  Shared  PCI Express Root Complex
Port 0070-0077  Exclusive  System CMOS/real time clock
Port 0078-0CF7  Shared  PCI Express Root Complex
Port 03F8-03FF  Exclusive  Communications Port (COM1)
Port 0D00-FFFF  Shared  PCI Express Root Complex
Port F000-F03F  Exclusive  Intel(R) HD Graphics


Input

 
[ HID Keyboard Device ]
 
Keyboard Properties:
Keyboard Name  HID Keyboard Device
Keyboard Type  IBM enhanced (101- or 102-key) keyboard
Keyboard Layout  Hungarian
ANSI Code Page  1252 - Western European (Windows)
OEM Code Page  850
Repeat Delay  1
Repeat Rate  31
 
[ ASUS Touchpad ]
 
Mouse Properties:
Mouse Name  ASUS Touchpad
Mouse Buttons  3
Mouse Hand  Right
Pointer Speed  1
Double-Click Time  520 msec
X/Y Threshold  6 / 10
Wheel Scroll Lines  3
 
Mouse Features:
Active Window Tracking  Disabled
ClickLock  Disabled
Hide Pointer While Typing  Enabled
Mouse Wheel  Present
Move Pointer To Default Button  Disabled
Pointer Trails  Disabled
Sonar  Disabled


Printers

 
[ Fax ]
 
Printer Properties:
Printer Name  Fax
Default Printer  No
Share Point  Not shared
Printer Port  SHRFAX:
Printer Driver  Microsoft Shared Fax Driver (v4.00)
Device Name  Fax
Print Processor  winprint
Separator Page  None
Availability  Always
Priority  1
Print Jobs Queued  0
Status  Unknown
 
Paper Properties:
Paper Size  Letter, 8.5 x 11 in
Orientation  Portrait
Print Quality  200 x 200 dpi Mono
 
[ Microsoft Print to PDF (Default) ]
 
Printer Properties:
Printer Name  Microsoft Print to PDF
Default Printer  Yes
Share Point  Not shared
Printer Port  PORTPROMPT:
Printer Driver  Microsoft Print To PDF (v6.03)
Device Name  Microsoft Print to PDF
Print Processor  winprint
Separator Page  None
Availability  Always
Priority  1
Print Jobs Queued  0
Status  Unknown
 
Paper Properties:
Paper Size  Letter, 8.5 x 11 in
Orientation  Portrait
Print Quality  600 x 600 dpi Color
 
[ Microsoft XPS Document Writer ]
 
Printer Properties:
Printer Name  Microsoft XPS Document Writer
Default Printer  No
Share Point  Not shared
Printer Port  PORTPROMPT:
Printer Driver  Microsoft XPS Document Writer v4 (v6.03)
Device Name  Microsoft XPS Document Writer
Print Processor  winprint
Separator Page  None
Availability  Always
Priority  1
Print Jobs Queued  0
Status  Unknown
 
Paper Properties:
Paper Size  Letter, 8.5 x 11 in
Orientation  Portrait
Print Quality  600 x 600 dpi Color


Auto Start

 
Application Description  Start From  Application Command
DptfPolicyLpmServiceHelper  Registry\Common\Run  C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
isa  Registry\Common\Run  C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
OneDrive  Registry\User\Run  C:\Users\galff\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
RtkNGUI  Registry\Common\Run  C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe /s


Scheduled

 
[ ASUS Live Update1 ]
 
Task Properties:
Task Name  ASUS Live Update1
Status  Enabled
Application Name  C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Application Parameters  -critical
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer Inc
Last Run  30/11/1999
Next Run  28/08/2015 12:00:00
 
Task Triggers:
Daily  At 12:00:00 every day
 
[ ASUS Live Update2 ]
 
Task Properties:
Task Name  ASUS Live Update2
Status  Enabled
Application Name  C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Application Parameters  -check
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer Inc
Last Run  30/11/1999
Next Run  10/09/2015 16:46:25
 
Task Triggers:
Daily  At 16:46:25 every 14 days
 
[ ASUS Patch for Touch Panel ]
 
Task Properties:
Task Name  ASUS Patch for Touch Panel
Status  Running
Application Name  C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
Application Parameters  
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer INC.
Last Run  27/08/2015 16:43:07
Next Run  Unknown
 
Task Triggers:
At log on  At log on of any user
 
[ ASUS Smart Gesture Launcher ]
 
Task Properties:
Task Name  ASUS Smart Gesture Launcher
Status  Enabled
Application Name  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Application Parameters  
Working Folder  
Comment  ASUS Smart Gesture Launcher
Account Name  
Creator  ASUS
Last Run  27/08/2015 16:43:11
Next Run  Unknown
 
Task Triggers:
At log on  At log on of any user
 
[ ASUS Splendid ACMON ]
 
Task Properties:
Task Name  ASUS Splendid ACMON
Status  Running
Application Name  C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Application Parameters  
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer INC.
Last Run  27/08/2015 16:43:07
Next Run  Unknown
 
Task Triggers:
At log on  At log on of any user
 
[ ATK Package 36D18D69AFC3 ]
 
Task Properties:
Task Name  ATK Package 36D18D69AFC3
Status  Enabled
Application Name  "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
Application Parameters  -CancelShutdown
Working Folder  
Comment  
Account Name  SYSTEM
Creator  ASUSTek Computer Inc.
Last Run  30/11/1999
Next Run  Unknown
 
[ ATK Package A22126881260 ]
 
Task Properties:
Task Name  ATK Package A22126881260
Status  Enabled
Application Name  "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
Application Parameters  
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer Inc.
Last Run  30/11/1999
Next Run  Unknown
 
[ Update Checker ]
 
Task Properties:
Task Name  Update Checker
Status  Enabled
Application Name  C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Application Parameters  
Working Folder  
Comment  
Account Name  
Creator  ASUSTek Computer Inc
Last Run  27/08/2015 17:48:09
Next Run  Unknown
 
Task Triggers:
At log on  At log on of any user - After triggered, repeat every 1 hour indefinitely


Installed Programs

 
Program  Version  Inst. Size  GUID  Publisher  Inst. Date
AIDA64 Engineer v5.30  5.30  Unknown  AIDA64 Engineer_is1  FinalWire Ltd.  2015-08-27
ASUS Live Update  3.3.4  Unknown  {FA540E67-095C-4A1B-97BA-4D547DEC9AF4}  ASUS  2015-07-22
ASUS Smart Gesture  4.0.5  Unknown  {4D3286A6-F6AB-498A-82A4-E4F040529F3D}  ASUS  2015-08-20
ASUS Splendid Video Enhancement Technology  3.11.0001  Unknown  {0969AF05-4FF6-4C00-9406-43599238DE0D}  ASUS  2015-07-22
ASUS T100HAN DisplayControl  1.0.3  Unknown  {674F5569-9F39-4597-BC5C-6D4012392147}  ASUS  2015-07-22
ATK Package  1.0.0040  Unknown  {AB5C933E-5C7D-4D30-B314-9C83A49B94BE}  ASUS  2015-07-22
AudioWizard  1.0.0.83  Unknown  {57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}  ICEpower a/s  2015-07-22
Broadcom 802.11 Network Adapter  5.93.103.16  Unknown  Broadcom 802.11 Network Adapter  Broadcom Corporation  
Intel(R) Processor Graphics  10.18.15.4248  Unknown  {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}  Intel Corporation  
Intel(R) Trusted Execution Engine Driver  2.0.0.1067  Unknown  {2EDD6E80-B205-4F86-BAE7-A50AF4355221}  Intel Corporation  2015-07-22
Intel(R) Trusted Execution Engine  1.1.1.1  Unknown  {FF4664C6-6BAF-4C05-9308-86705B2219EF}  Intel Corporation  2015-07-22
Intel(R) Trusted Execution Engine  2.0.0.1067  Unknown  {176E2755-0A17-42C6-88E2-192AB2131278}  Intel Corporation  
Intel® Security Assist  1.0.0.523  Unknown  {84DB01CB-7EB7-4261-9249-99A32768D991}  Intel Corporation  2015-07-22
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219  10.0.40219  Unknown  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}  Microsoft Corporation  2015-07-22
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617  12.0.20617.1  Unknown  {448652c1-f5f3-4230-98c6-68c10c88b1fb}  Microsoft Corporation  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20617  12.0.20617  Unknown  {34FE5428-54F4-3883-9372-AD81FFD14F69}  Microsoft Corporation  2015-07-22
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20617  12.0.20617  Unknown  {8DCF8C8F-4ADA-3395-BF10-A3437F9929D4}  Microsoft Corporation  2015-07-22
Realtek I2S Audio  6.4.10147.4290  Unknown  {89A448AA-3301-46AA-AFC3-34F2D7C670E8}  Realtek Semiconductor Corp.  2015-07-22
Windows Driver Package - ASUS (AsusSGDrv) Mouse (06/18/2015 8.1.0.16)  06/18/2015 8.1.0.16  Unknown  12B91B4BAB23274B49022AAB62465B3556864171  ASUS  
Windows Driver Package - ASUS (AsusSGDrv) Mouse (07/07/2015 8.1.0.17)  07/07/2015 8.1.0.17  Unknown  EF7CD97155A7AF17485F0D87CA84AF5E33EA9386  ASUS  
WinFlash  3.0.1  Unknown  {8F21291E-0444-4B1D-B9F9-4370A73E346D}  ASUS  2015-07-22


Licenses

 
Software  Product Key
Microsoft Internet Explorer 9.11.10240.16384  D6RD9-D4N8T-RT9QX-YW6YT-FCWWJ
Microsoft Windows 10  37GNV-YCQVD-38XP9-T848R-FC2HD


File Types

 
Extension  File Type Description  Content Type
386  Virtual Device Driver  
3G2  3GPP2 Audio/Video  video/3gpp2
3GP  3GPP Audio/Video  video/3gpp
3GP2  3GPP2 Audio/Video  video/3gpp2
3GPP  3GPP Audio/Video  video/3gpp
AAC  ADTS Audio  audio/vnd.dlna.adts
ACCOUNTPICTURE-MS  Account Picture File  application/windows-accountpicture
ADT  ADTS Audio  audio/vnd.dlna.adts
ADTS  ADTS Audio  audio/vnd.dlna.adts
AIF  AIFF Format Sound  audio/aiff
AIFC  AIFF Format Sound  audio/aiff
AIFF  AIFF Format Sound  audio/aiff
ANI  Animated Cursor  
APPCONTENT-MS  Application Content  application/windows-appcontent+xml
APPLICATION  Application Manifest  application/x-ms-application
APPREF-MS  Application Reference  
ASA  ASA File  
ASF  Windows Media Audio/Video file  video/x-ms-asf
ASP  ASP File  
ASX  Windows Media Audio/Video playlist  video/x-ms-asf
AU  AU Format Sound  audio/basic
AVI  Video Clip  video/avi
BAT  Windows Batch File  
BLG  Performance Monitor File  
BMP  Bitmap Image  image/bmp
CAB  Cabinet File  
CAMP  WCS Viewing Condition Profile  
CAT  Security Catalog  application/vnd.ms-pki.seccat
CDA  CD Audio Track  
CDMP  WCS Device Profile  
CDX  CDX File  
CDXML  CDXML File  
CER  Security Certificate  application/x-x509-ca-cert
CHK  Recovered File Fragments  
CHM  Compiled HTML Help file  
CMD  Windows Command Script  
COM  MS-DOS Application  
COMPOSITEFONT  Composite Font File  
CONTACT  Contact File  text/x-ms-contact
CPL  Control Panel Item  
CRL  Certificate Revocation List  application/pkix-crl
CRT  Security Certificate  application/x-x509-ca-cert
CSS  Cascading Style Sheet Document  text/css
CUR  Cursor  
DB  Data Base File  
DCTX  Open Extended Dictionary  
DCTXC  Open Extended Dictionary  
DDS  DDS Image  image/vnd.ms-dds
DER  Security Certificate  application/x-x509-ca-cert
DESKLINK  Desktop Shortcut  
DESKTHEMEPACK  Windows Desktop Theme Pack  
DIAGCAB  Diagnostic Cabinet  
DIAGCFG  Diagnostic Configuration  
DIAGPKG  Diagnostic Document  
DIB  Bitmap Image  image/bmp
DLL  Application Extension  application/x-msdownload
DOCX  OOXML Text Document  
DRV  Device Driver  
DSN  Microsoft OLE DB Provider for ODBC Drivers  
DWFX  XPS Document  model/vnd.dwfx+xps
EASMX  XPS Document  model/vnd.easmx+xps
EDRWX  XPS Document  model/vnd.edrwx+xps
EMF  EMF File  image/x-emf
EML  EML File  
EPRTX  XPS Document  model/vnd.eprtx+xps
EVT  EVT File  
EVTX  EVTX File  
EXE  Application  application/x-msdownload
FLAC  FLAC Audio  audio/x-flac
FON  Font file  
GIF  GIF Image  image/gif
GMMP  WCS Gamut Mapping Profile  
GROUP  Contact Group File  text/x-ms-group
GRP  Microsoft Program Group  
HLP  Help File  
HTA  HTML Application  application/hta
HTM  HTML Document  text/html
HTML  HTML Document  text/html
ICC  ICC Profile  
ICL  Icon Library  
ICM  ICC Profile  
ICO  Icon  image/x-icon
IGP  Intel Graphics Profiles  
IMESX  IME Search provider definition  
IMG  Disc Image File  
INF  Setup Information  
INI  Configuration Settings  
ISO  Disc Image File  
JFIF  JPEG Image  image/jpeg
JNT  Journal Document  
JOB  Task Scheduler Task Object  
JOD  Microsoft.Jet.OLEDB.4.0  
JPE  JPEG Image  image/jpeg
JPEG  JPEG Image  image/jpeg
JPG  JPEG Image  image/jpeg
JS  JavaScript File  
JSE  JScript Encoded File  
JTP  Journal Template  
JTX  XPS Document  application/x-jtx+xps
JXR  Windows Media Photo  image/vnd.ms-photo
LABEL  Property List  
LIBRARY-MS  Library Folder  application/windows-library+xml
LNK  Shortcut  
LOG  Text Document  
M1V  Movie Clip  video/mpeg
M2T  AVCHD Video  video/vnd.dlna.mpeg-tts
M2TS  AVCHD Video  video/vnd.dlna.mpeg-tts
M2V  Movie Clip  video/mpeg
M3U  M3U file  audio/x-mpegurl
M4A  MPEG-4 Audio  audio/mp4
M4V  MP4 Video  video/mp4
MAPIMAIL  Mail Service  
MHT  MHTML Document  message/rfc822
MHTML  MHTML Document  message/rfc822
MID  MIDI Sequence  audio/mid
MIDI  MIDI Sequence  audio/mid
MK3D  MK3D Video  
MKA  MKA Audio  audio/x-matroska
MKV  MKV Video  video/x-matroska
MLC  Language Pack File_  
MOD  Movie Clip  video/mpeg
MOV  QuickTime Movie  video/quicktime
MP2  MP3 Format Sound  audio/mpeg
MP2V  Movie Clip  video/mpeg
MP3  MP3 Format Sound  audio/mpeg
MP4  MP4 Video  video/mp4
MP4V  MP4 Video  video/mp4
MPA  Movie Clip  audio/mpeg
MPE  Movie Clip  video/mpeg
MPEG  Movie Clip  video/mpeg
MPG  Movie Clip  video/mpeg
MPV2  Movie Clip  video/mpeg
MSC  Microsoft Common Console Document  
MSI  Windows Installer Package  
MSP  Windows Installer Patch  
MSRCINCIDENT  Windows Remote Assistance Invitation  
MSSTYLES  Windows Visual Style File  
MSU  Microsoft Update Standalone Package  
MS-WINDOWS-STORE-LICENSE  Windows Store License  
MTS  AVCHD Video  video/vnd.dlna.mpeg-tts
MYDOCS  MyDocs Drop Target  
NFO  MSInfo Configuration File  
OCX  ActiveX control  
ODT  ODF Text Document  
OSDX  OpenSearch Description File  application/opensearchdescription+xml
OTF  OpenType Font file  
OXPS  XPS Document  
P10  Certificate Request  application/pkcs10
P12  Personal Information Exchange  application/x-pkcs12
P7B  PKCS #7 Certificates  application/x-pkcs7-certificates
P7C  Digital ID File  application/pkcs7-mime
P7M  PKCS #7 MIME Message  application/pkcs7-mime
P7R  Certificate Request Response  application/x-pkcs7-certreqresp
P7S  PKCS #7 Signature  application/pkcs7-signature
PANO  PANO File  application/vnd.ms-pano
PARTIAL  Partial Download  
PBK  Dial-Up Phonebook  
PERFMONCFG  Performance Monitor Configuration  
PFM  Type 1 Font file  
PFX  Personal Information Exchange  application/x-pkcs12
PIF  Shortcut to MS-DOS Program  
PKO  Public Key Security Object  application/vnd.ms-pki.pko
PNF  Precompiled Setup Information  
PNG  PNG Image  image/png
PPKG  RunTime Provisioning Tool  
PRF  PICS Rules File  application/pics-rules
PS1  PS1 File  
PS1XML  PS1XML File  
PSC1  PSC1 File  application/PowerShell
PSD1  PSD1 File  
PSM1  PSM1 File  
PSSC  PSSC File  
QDS  Directory Query  
RAT  Rating System File  application/rat-file
RDP  Remote Desktop Connection  
REG  Registration Entries  
RESMONCFG  Resource Monitor Configuration  
RLE  RLE File  
RLL  Application Extension  
RMI  MIDI Sequence  audio/mid
RTF  Rich Text Document  
SCF  File Explorer Command  
SCP  Text Document  
SCR  Screen saver  
SCT  Windows Script Component  text/scriptlet
SEARCHCONNECTOR-MS  Search Connector Folder  application/windows-search-connector+xml
SEARCH-MS  Saved Search  
SETTINGCONTENT-MS  Setting Content  
SFCACHE  ReadyBoost Cache File  
SND  AU Format Sound  audio/basic
SPC  PKCS #7 Certificates  application/x-pkcs7-certificates
SPL  Shockwave Flash Object  application/futuresplash
SST  Microsoft Serialized Certificate Store  application/vnd.ms-pki.certstore
SVG  SVG Document  image/svg+xml
SWF  Shockwave Flash Object  application/x-shockwave-flash
SYMLINK  .symlink  
SYS  System file  
THEME  Windows Theme File  
THEMEPACK  Windows Theme Pack  
TIF  TIF File  image/tiff
TIFF  TIFF File  image/tiff
TS  MPEG-2 TS Video  video/vnd.dlna.mpeg-tts
TTC  TrueType Collection Font file  
TTF  TrueType Font file  
TTS  MPEG-2 TS Video  video/vnd.dlna.mpeg-tts
TXT  Text Document  text/plain
UDL  Microsoft Data Link  
URL  Internet Shortcut  
VBE  VBScript Encoded File  
VBS  VBScript Script File  
VCF  vCard File  text/x-vcard
VHD  Disc Image File  
VHDX  Disc Image File  
VXD  Virtual Device Driver  
WAB  Address Book File  
WAV  Wave Sound  audio/wav
WAX  Windows Media Audio shortcut  audio/x-ms-wax
WBCAT  Windows Backup Catalog File  
WCX  Workspace Configuration File  
WDP  Windows Media Photo  image/vnd.ms-photo
WEBPNP  Web Point And Print File  
WEBSITE  Pinned Site Shortcut  application/x-mswebsite
WM  Windows Media Audio/Video file  video/x-ms-wm
WMA  Windows Media Audio file  audio/x-ms-wma
WMD  Windows Media Player Download Package  application/x-ms-wmd
WMDB  Windows Media Library  
WMF  WMF File  image/x-wmf
WMS  Windows Media Player Skin File  
WMV  Windows Media Audio/Video file  video/x-ms-wmv
WMX  Windows Media Audio/Video playlist  video/x-ms-wmx
WMZ  Windows Media Player Skin Package  application/x-ms-wmz
WPL  Windows Media playlist  application/vnd.ms-wpl
WSC  Windows Script Component  text/scriptlet
WSF  Windows Script File  
WSH  Windows Script Host Settings File  
WTX  Text Document  
WVX  Windows Media Audio/Video playlist  video/x-ms-wvx
XAML  Windows Markup File  application/xaml+xml
XBAP  XAML Browser Application  application/x-ms-xbap
XHT  XHTML Document  application/xhtml+xml
XHTML  XHTML Document  application/xhtml+xml
XML  XML Document  text/xml
XPS  XPS Document  application/vnd.ms-xpsdocument
XRM-MS  XrML Digital License  text/xml
XSL  XSL Stylesheet  text/xml
ZFSENDTOTARGET  Compressed (zipped) Folder SendTo Target  
ZIP  Compressed (zipped) Folder  application/x-zip-compressed


Windows Security

 
Operating System Properties:
OS Name  Microsoft Windows 10
OS Service Pack  -
Winlogon Shell  explorer.exe
User Account Control (UAC)  Enabled
UAC Remote Restrictions  Enabled
System Restore  Enabled
 
Data Execution Prevention (DEP, NX, EDB):
Supported by Operating System  Yes
Supported by CPU  Yes
Active (To Protect Applications)  Yes
Active (To Protect Drivers)  Yes


Windows Update

 
Update Description  Update Type  Inst. Date
(Automatic Update)  Unknown  
Cumulative Update for Windows 10 for x64-based Systems (KB3081444)  Update  20/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2809.0)  Update  20/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.102.0)  Update  22/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.681.0)  Update  27/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.681.0)  Update  27/08/2015
Intel Corporation driver update for Intel(R) HD Graphics  Update  20/08/2015
Security Update for Internet Explorer Flash Player for Windows 10 for x64-based Systems (KB3087916)  Update  20/08/2015
Update for Windows 10 for x64-based Systems (KB3074678)  Update  20/08/2015
Update for Windows 10 for x64-based Systems (KB3074686)  Update  20/08/2015
Update for Windows 10 for x64-based Systems (KB3081441)  Update  20/08/2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - August 2015 (KB890830)  Update  20/08/2015


Anti-Virus

 
Software Description  Software Version  Virus Database Date  Known Viruses
Windows Defender  4.8.10240.16384(th1.150709-1700)  27/08/2015  ?


Firewall

 
Software Description  Software Version  Status
Windows Firewall  6.2.10240.16384  Enabled


Regional

 
Time Zone:
Current Time Zone  GTB Daylight Time
Current Time Zone Description  (UTC+02:00) Athens, Bucharest
Change To Standard Time  Last Sunday of October 04:00:00
Change To Daylight Saving Time  Last Sunday of March 03:00:00
 
Language:
Language Name (Native)  English
Language Name (English)  English
Language Name (ISO 639)  en
 
Country/Region:
Country Name (Native)  United Kingdom
Country Name (English)  United Kingdom
Country Name (ISO 3166)  GB
Country Code  44
 
Currency:
Currency Name (Native)  Pound Sterling
Currency Name (English)  UK Pound Sterling
Currency Symbol (Native)  £
Currency Symbol (ISO 4217)  GBP
Currency Format  £123,456,789.00
Negative Currency Format  -£123,456,789.00
 
Formatting:
Time Format  HH:mm:ss
Short Date Format  dd/MM/yyyy
Long Date Format  dd MMMM yyyy
Number Format  123,456,789.00
Negative Number Format  -123,456,789.00
List Format  first, second, third
Native Digits  0123456789
 
Days of Week:
Native Name for Monday  Monday / Mon
Native Name for Tuesday  Tuesday / Tue
Native Name for Wednesday  Wednesday / Wed
Native Name for Thursday  Thursday / Thu
Native Name for Friday  Friday / Fri
Native Name for Saturday  Saturday / Sat
Native Name for Sunday  Sunday / Sun
 
Months:
Native Name for January  January / Jan
Native Name for February  February / Feb
Native Name for March  March / Mar
Native Name for April  April / Apr
Native Name for May  May / May
Native Name for June  June / Jun
Native Name for July  July / Jul
Native Name for August  August / Aug
Native Name for September  September / Sep
Native Name for October  October / Oct
Native Name for November  November / Nov
Native Name for December  December / Dec
 
Miscellaneous:
Calendar Type  Gregorian (localized)
Default Paper Size  A4
Measurement System  Metric
 
Display Languages:
LCID 0409h (Active)  English (United States)


Environment

 
Variable  Value
__COMPAT_LAYER  DetectorsWin8
ALLUSERSPROFILE  C:\ProgramData
APPDATA  C:\Users\galff\AppData\Roaming
CommonProgramFiles(x86)  C:\Program Files (x86)\Common Files
CommonProgramFiles  C:\Program Files (x86)\Common Files
CommonProgramW6432  C:\Program Files\Common Files
COMPUTERNAME  LAPTOP-5DNN8R19
ComSpec  C:\Windows\system32\cmd.exe
FPS_BROWSER_APP_PROFILE_STRING  Internet Explorer
FPS_BROWSER_USER_PROFILE_STRING  Default
HOMEDRIVE  C:
HOMEPATH  \Users\galff
LOCALAPPDATA  C:\Users\galff\AppData\Local
LOGONSERVER  \\MicrosoftAccount
NUMBER_OF_PROCESSORS  4
OS  Windows_NT
Path  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\
PATHEXT  .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE  x86
PROCESSOR_ARCHITEW6432  AMD64
PROCESSOR_IDENTIFIER  Intel64 Family 6 Model 76 Stepping 3, GenuineIntel
PROCESSOR_LEVEL  6
PROCESSOR_REVISION  4c03
ProgramData  C:\ProgramData
ProgramFiles(x86)  C:\Program Files (x86)
ProgramFiles  C:\Program Files (x86)
ProgramW6432  C:\Program Files
PSModulePath  C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC  C:\Users\Public
SystemDrive  C:
SystemRoot  C:\Windows
TEMP  C:\Users\galff\AppData\Local\Temp
TMP  C:\Users\galff\AppData\Local\Temp
USERDOMAIN_ROAMINGPROFILE  LAPTOP-5DNN8R19
USERDOMAIN  LAPTOP-5DNN8R19
USERNAME  galff
USERPROFILE  C:\Users\galff
windir  C:\Windows


Control Panel

 
Name  Comment
Flash Player  Manage Flash Player Settings


Recycle Bin

 
Drive  Items Size  Items Count  Space %  Recycle Bin
C:  0  0  ?  ?


System Files

 
[ system.ini ]
 
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
 
[ win.ini ]
 
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
 
[ hosts ]
 
 
[ lmhosts.sam ]
 


System Folders

 
System Folder  Path
Administrative Tools  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
AppData  C:\Users\galff\AppData\Roaming
Cache  C:\Users\galff\AppData\Local\Microsoft\Windows\INetCache
CD Burning  C:\Users\galff\AppData\Local\Microsoft\Windows\Burn\Burn
Common Administrative Tools  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common AppData  C:\ProgramData
Common Desktop  C:\Users\Public\Desktop
Common Documents  C:\Users\Public\Documents
Common Favorites  C:\Users\galff\Favorites
Common Files (x86)  C:\Program Files (x86)\Common Files
Common Files  C:\Program Files (x86)\Common Files
Common Music  C:\Users\Public\Music
Common Pictures  C:\Users\Public\Pictures
Common Programs  C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Start Menu  C:\ProgramData\Microsoft\Windows\Start Menu
Common Startup  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates  C:\ProgramData\Microsoft\Windows\Templates
Common Video  C:\Users\Public\Videos
Cookies  C:\Users\galff\AppData\Local\Microsoft\Windows\INetCookies
Desktop  C:\Users\galff\Desktop
Device  C:\Windows\inf
Favorites  C:\Users\galff\Favorites
Fonts  C:\Windows\Fonts
History  C:\Users\galff\AppData\Local\Microsoft\Windows\History
Local AppData  C:\Users\galff\AppData\Local
My Documents  C:\Users\galff\Documents
My Music  C:\Users\galff\Music
My Pictures  C:\Users\galff\Pictures
My Video  C:\Users\galff\Videos
NetHood  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Profile  C:\Users\galff
Program Files (x86)  C:\Program Files (x86)
Program Files  C:\Program Files (x86)
Programs  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Recent
Resources  C:\Windows\resources
SendTo  C:\Users\galff\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu
Startup  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
System (x86)  C:\Windows\SysWOW64
System  C:\Windows\system32
Temp  C:\Users\galff\AppData\Local\Temp\
Templates  C:\Users\galff\AppData\Roaming\Microsoft\Windows\Templates
Windows  C:\Windows


Event Logs

 
Log Name  Event Type  Category  Generated On  User  Source  Description
Application  Warning  3  2015-08-20 20:03:33    Windows Search Service  3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application  Warning  3  2015-08-20 23:55:44    Windows Search Service  10023: The protocol host process 7420 did not respond and is being forcibly terminated {filter host process 6760}.
Application  Warning  None  2015-08-21 00:25:19    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  None  2015-08-21 00:25:25    DptfParticipantWirelessService  2:
Application  Error  None  2015-08-21 00:25:25    DptfParticipantWirelessService  1:
Application  Error  None  2015-08-21 00:25:25    DptfParticipantWirelessService  1:
Application  Warning  3  2015-08-21 01:26:13    Windows Search Service  3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application  Warning  None  2015-08-21 01:27:12    Wlclntfy  6001: The winlogon notification subscriber <Sens> failed a notification event.
Application  Error  None  2015-08-21 01:28:58    DptfParticipantWirelessService  2:
Application  Error  None  2015-08-21 01:28:58    DptfParticipantWirelessService  1:
Application  Error  None  2015-08-21 01:28:58    DptfParticipantWirelessService  1:
Application  Warning  None  2015-08-21 01:29:01    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  None  2015-08-21 01:29:25    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-21 01:29:25    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-21 01:29:25    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application  Error  None  2015-08-21 01:29:42    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-21 01:29:42    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-21 01:29:42    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application  Warning  None  2015-08-21 01:31:04    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  5973  2015-08-21 02:19:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:19:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:19:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:19:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:01  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:08  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:08  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:09  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:09  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:09  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:09  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:10  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:10  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:10  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:10  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:10  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:11  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:11  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:11  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:11  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:12  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:12  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:12  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:12  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:13  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:13  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:13  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:13  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:13  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:14  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:14  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:14  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:14  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:15  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:15  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:15  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:15  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:15  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:16  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:16  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:16  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:16  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:17  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:17  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:17  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:17  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:18  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:18  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:18  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:18  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:38  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:38  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:38  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:38  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:39  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:39  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:39  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:39  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:40  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:40  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:43  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:43  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:43  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:43  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:43  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:44  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:44  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:44  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:44  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:45  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:45  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:45  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:45  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:46  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:46  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:46  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:46  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:47  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:47  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:47  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:47  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:20:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:07  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:07  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:07  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:21:07  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 02:24:11  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:48  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:49  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:50  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:53  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:54  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:55  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:56  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:57  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:58  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:09:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:01  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:01  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:01  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:01  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:05  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-21 12:10:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Warning  None  2015-08-21 17:17:42    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Warning  3  2015-08-22 00:25:37    Windows Search Service  3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application  Warning  None  2015-08-22 00:25:43    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Warning  2  2015-08-22 00:26:47  galff  Handwriting Recognition  110:
Application  Warning  None  2015-08-22 01:28:44    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  None  2015-08-22 01:29:42    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-22 01:29:42    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-22 01:29:44    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-22 01:29:44    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-22 01:29:45    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent
Application  Error  5973  2015-08-22 01:44:51  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:44:52  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:44:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:44:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:44:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:44:59  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:00  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:02  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:03  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:04  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:06  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Error  5973  2015-08-22 01:45:08  galff  Microsoft-Windows-Immersive-Shell  5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application  Warning  None  2015-08-23 13:21:57    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Warning  3  2015-08-23 13:21:58    Windows Search Service  3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application  Error  None  2015-08-23 13:22:01    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-23 13:22:01    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Warning  3  2015-08-23 15:21:54    Windows Search Service  10023: The protocol host process 8528 did not respond and is being forcibly terminated {filter host process 6052}.
Application  Error  None  2015-08-27 16:42:44    DptfParticipantWirelessService  2:
Application  Error  None  2015-08-27 16:42:44    DptfParticipantWirelessService  1:
Application  Error  None  2015-08-27 16:42:44    DptfParticipantWirelessService  1:
Application  Warning  None  2015-08-27 16:43:24    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  None  2015-08-27 16:43:34    Software Protection Platform Service  8200: License acquisition failure details. hr=0x80072EE7
Application  Error  None  2015-08-27 16:43:34    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-27 16:43:37    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application  Warning  3  2015-08-27 16:43:38    Windows Search Service  3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application  Error  100  2015-08-27 16:44:04    Application Error  1000: Faulting application name: svchost.exe_Wcmsvc, version: 10.0.10240.16384, time stamp: 0x559f38cb Faulting module name: SubscriptionMgr.dll, version: 10.0.10240.16425, time stamp: 0x55bec160 Exception code: 0xe0464645 Fault offset: 0x000000000000a7ef Faulting process id: 0x48c Faulting application start time: 0x01d0e0ce3a617286 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\SubscriptionMgr.dll Report Id: d2b8c538-0a4c-445c-a182-61e13f809e7c Faulting package full name: Faulting package-relative application ID:
Application  Error  None  2015-08-27 16:44:07    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-27 16:44:07    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-27 16:44:15    Software Protection Platform Service  8200: License acquisition failure details. hr=0xC004C003
Application  Error  None  2015-08-27 16:44:15    Software Protection Platform Service  1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application  Error  None  2015-08-27 16:44:15    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0xC004E028 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application  Error  None  2015-08-27 16:44:18    Software Protection Platform Service  8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application  Error  1  2015-08-27 16:44:39    ESENT  490: SettingSyncHost (6268) {FF293C80-59F1-4839-B025-E2C6199C04F4}: An attempt to open the file "C:\Users\galff\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:44:39    ESENT  455: SettingSyncHost (6268) {FF293C80-59F1-4839-B025-E2C6199C04F4}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\galff\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application  Error  1  2015-08-27 16:44:50    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:44:50    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:45:00    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:00    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:45:11    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:11    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:45:21    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:21    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:45:31    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:31    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:45:42    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:42    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Warning  None  2015-08-27 16:45:44    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Error  1  2015-08-27 16:45:55    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:45:58    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:46:10    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:46:10    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:46:21    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:46:21    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Error  1  2015-08-27 16:46:31    ESENT  488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application  Error  3  2015-08-27 16:46:31    ESENT  413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application  Warning  None  2015-08-27 17:05:46    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Warning  None  2015-08-27 17:15:08    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application  Warning  None  2015-08-27 17:52:19    Software Protection Platform Service  1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Security  Audit Success  12544  2015-08-20 20:03:35    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-20 20:03:35    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13312  2015-08-21 00:25:04    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x150 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:04    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x15c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13573  2015-08-21 00:25:04    Microsoft-Windows-Security-Auditing  4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security  Audit Success  13312  2015-08-21 00:25:06    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c4 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:10    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1fc New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c4 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  12288  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security  Audit Success  12544  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x240 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x248 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c4 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ????????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d4 New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e8 New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f8 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13568  2015-08-21 00:25:11    Microsoft-Windows-Security-Auditing  4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x923a
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1060e Linked Logon ID: 0x10620 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10620 Linked Logon ID: 0x1060e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1060e Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10620 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Success  12548  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-21 00:25:16    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:16    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  101  2015-08-21 00:25:18    Microsoft-Windows-Eventlog  1101: Audit events have been dropped by the transport. 0
Security  Audit Success  12544  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-580 Account Domain: Builtin Old Account Name: Remote Management Users New Account Name: Remote Management Users Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-581 Account Domain: Builtin Old Account Name: System Managed Accounts Group New Account Name: System Managed Accounts Group Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Account Domain: LAPTOP-5DNN8R19 Old Account Name: None New Account Name: None Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: Remote Management Users SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: System Managed Accounts Group SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:18    Microsoft-Windows-Security-Auditing  4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: None SID History: - Additional Information: Privileges: -
Security  Audit Success  12544  2015-08-21 00:25:19    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:19    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-21 00:25:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x49c Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  13826  2015-08-21 00:25:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12544  2015-08-21 00:25:20    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:20    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:20    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:20    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12292  2015-08-21 00:25:24    Microsoft-Windows-Security-Auditing  5033: The Windows Firewall Driver started successfully.
Security  Audit Success  12544  2015-08-21 00:25:25    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:25    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:25    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x31193 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:25:25    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 00:25:25    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12292  2015-08-21 00:25:26    Microsoft-Windows-Security-Auditing  5024: The Windows Firewall service started successfully.
Security  Audit Success  13568  2015-08-21 00:25:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Temp\winre\ExtractedFromWim Handle ID: 0x978 Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Failure  12290  2015-08-21 00:25:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:28    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:28    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:32    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:43    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:25:56    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Linked Logon ID: 0x57c51 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: LAPTOP-OMGARQRN Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c51 Linked Logon ID: 0x57c2b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: LAPTOP-OMGARQRN Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c51 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/21/2015 12:25:57 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/21/2015 12:25:57 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security  Audit Success  13826  2015-08-21 00:25:57    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Failure  12290  2015-08-21 00:26:04    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 00:26:13    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-21 00:26:15    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 00:26:15    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-21 00:26:16    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc74 Process Name: C:\Windows\System32\SearchIndexer.exe
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63363 Linked Logon ID: 0xb6339d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb6339d Linked Logon ID: 0xb63363 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63700 Linked Logon ID: 0xb63868 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63868 Linked Logon ID: 0xb63700 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb6339d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63363 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63868 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63700 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63363 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63700 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 01:26:45    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  12544  2015-08-21 01:27:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 01:27:12    Microsoft-Windows-Security-Auditing  4647: User initiated logoff: Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x19cbb1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security  Audit Success  12548  2015-08-21 01:27:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x3c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0x40 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ntdll.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.logon_ed8ece16fb61b4e6.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windowsfeedback_cw5n1h2txyewy_e32424584539397a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_2d6b8920d3f31e0d.cdf-ms Handle ID: 0x44 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_views_a56f518aba6f0a4b.cdf-ms Handle ID: 0x44 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_6f26550558264bb4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_0e6f6a5d1f5a1430.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:23    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_contactsupport_cw5n1h2txyewy_9f20cf1a0d04fca1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_systemresetplatform_14fecc2716acccef.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_purchasedialog_bf454dd5e78ab123.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_sorting_04883de290c6ef1b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_devicesflow_a24e4906c4ce494f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_apppatch64_e39bab3b20714e20.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_user_account_pictures_eceaafe818cb6141.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_635c287ec97ec0a5.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_vgx_9d0cc8bc56d58860.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\User Account Pictures\user.bmp Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\drvmain.sdb Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\sysmain.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\sysmain.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\DevicesFlow\DevicesFlowUI.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:24    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeParserTask.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfplat.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfps.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0x68 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneDriveSettingSyncProvider.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdbui.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXService.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgent.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoteNaturalLanguage.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchProtocolHost.exe Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Notifications.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0x40 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmfd.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmlib.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cloudAP.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack_win.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack_wininternal.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directmanipulation.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GamePanel.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFramework.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkInternalPS.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationGeofences.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationPermissions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppHost.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:25    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApi.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\syncutil.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysmain.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringclient.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputFramework.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAutomationCore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserMgrProxy.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifinetworkmanager.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidsvc.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuautoappupdate.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceRecognitionEngineAdapter.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceRecognitionSensorAdapter.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AddressBand.xbf Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\F12App2.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\HubPanel.xbf Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingIdentityManagerInternal.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CGSVCBackgroundTask.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.AppToApp.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.winmd Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.ContactPermissions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Reminders.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SmartExtraction.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Sync.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.UI.winmd Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaSpeechux.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PPIVoiceAgents.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReactiveAgentsCommon.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SAPIBackgroundTask.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\tws.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\VoiceAgentsCommon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpviewUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\NetworkUX.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\AppXDeploymentClient.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\atmfd.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:26    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\atmlib.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Chakra.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\directmanipulation.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\dwmcore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\edgehtml.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\explorer.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\fontdrvhost.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\GamePanel.exe Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\iertutil.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\InputService.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\LockAppHost.exe Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MbaeApi.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MbaeApiPublic.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfcore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MFMediaEngine.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfplat.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfsvr.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mshtml.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mssrch.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\OneDriveSettingSyncProvider.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ReAgent.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ReInfo.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\RemoteNaturalLanguage.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\SearchProtocolHost.exe Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\tetheringclient.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\TextInputFramework.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\tquery.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\UIAutomationCore.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\UserMgrProxy.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.ApplicationModel.Store.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Core.TextInput.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Logon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  13568  2015-08-21 01:27:27    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Xaml.dll Handle ID: 0x68 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security  Audit Success  103  2015-08-21 01:28:16    Microsoft-Windows-Eventlog  1100: The event logging service has shut down.
Security  Audit Success  13312  2015-08-21 01:28:34    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x140 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:34    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x14c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13573  2015-08-21 01:28:34    Microsoft-Windows-Security-Auditing  4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security  Audit Success  13312  2015-08-21 01:28:35    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ac New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:46    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:49    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x248 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:49    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:49    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x258 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:49    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ????????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  12288  2015-08-21 01:28:50    Microsoft-Windows-Security-Auditing  4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security  Audit Success  12544  2015-08-21 01:28:50    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  13312  2015-08-21 01:28:50    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d0 New Process Name: ????????????????-??6??0?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x250 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-21 01:28:50    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d8 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x250 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13568  2015-08-21 01:28:50    Microsoft-Windows-Security-Auditing  4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8ba9
Security  Audit Success  12544  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:51    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Linked Logon ID: 0x12f5b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Linked Logon ID: 0x12f2b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Success  12548  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-21 01:28:52    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12544  2015-08-21 01:28:53    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:28:53    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12292  2015-08-21 01:28:57    Microsoft-Windows-Security-Auditing  5033: The Windows Firewall Driver started successfully.
Security  Audit Success  12544  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28156 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-21 01:28:58    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12292  2015-08-21 01:29:00    Microsoft-Windows-Security-Auditing  5024: The Windows Firewall service started successfully.
Security  Audit Success  12544  2015-08-21 01:29:02    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:29:02    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-21 01:29:03    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:29:03    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13568  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x370 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x4f4 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x57c Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.10240.16445_3c992a32fa8cfc96.cdf-ms Handle ID: 0x4f4 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13826  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-21 01:29:19    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13824  2015-08-21 01:29:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x484 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781a7 Linked Logon ID: 0x781d7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781d7 Linked Logon ID: 0x781a7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x7840b Linked Logon ID: 0x78433 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x78433 Linked Logon ID: 0x7840b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x78433 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x7840b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781a7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x7840b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-21 01:29:36    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  13826  2015-08-21 01:29:45    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Failure  12290  2015-08-21 01:29:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 01:29:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-21 01:29:47    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:29:47    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-21 01:29:47    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1510 Process Name: C:\Windows\System32\SearchIndexer.exe
Security  Audit Success  12544  2015-08-21 01:31:55    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:31:55    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Failure  12290  2015-08-21 01:44:00    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1eba84 Linked Logon ID: 0x1ebb3a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1ebb3a Linked Logon ID: 0x1eba84 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1eba84 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:51:46    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1ebb3a Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Success  12544  2015-08-21 01:52:20    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 01:52:20    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Linked Logon ID: 0x1f20b4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 01:52:20    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Linked Logon ID: 0x1f1fc9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 01:52:20    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 01:52:20    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Failure  12290  2015-08-21 01:52:43    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 01:52:43    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24f97e Linked Logon ID: 0x24fb90 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24fb90 Linked Logon ID: 0x24f97e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24f97e Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 02:12:10    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24fb90 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Success  13824  2015-08-21 02:20:37    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 02:21:08    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 02:24:12    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 02:27:58    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 03:41:54    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f53ec Linked Logon ID: 0x2f5426 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5426 Linked Logon ID: 0x2f53ec Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5790 Linked Logon ID: 0x2f5812 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5812 Linked Logon ID: 0x2f5790 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5426 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f53ec Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5812 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5790 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f53ec Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5790 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-21 11:42:18    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  12544  2015-08-21 11:57:08    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-21 11:57:08    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-21 12:10:07    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 12:17:16    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 12:21:16    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 12:25:16    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 12:28:00    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-21 12:40:23    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Failure  12290  2015-08-21 16:08:36    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 16:08:36    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 19:48:42    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 19:48:43    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 21:03:51    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 21:03:51    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 23:47:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-21 23:47:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 00:25:39    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 00:25:39    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-22 00:25:40    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-22 00:25:40    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468349 Linked Logon ID: 0x468383 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468383 Linked Logon ID: 0x468349 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x4688c0 Linked Logon ID: 0x468a7d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468a7d Linked Logon ID: 0x4688c0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468383 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468349 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468a7d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x4688c0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468349 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x4688c0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-22 00:25:52    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Failure  12290  2015-08-22 00:56:49    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 00:56:49    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 01:29:39    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 01:29:39    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  13824  2015-08-22 01:45:08    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 01:46:36    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 01:48:26    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743b6 Linked Logon ID: 0x5743f0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743f0 Linked Logon ID: 0x5743b6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57483f Linked Logon ID: 0x57488e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57488e Linked Logon ID: 0x57483f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x5743f0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x5743b6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57488e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57483f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743b6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57483f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-22 01:48:39    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13824  2015-08-22 02:15:13    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 04:01:02    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 04:04:14    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 04:05:14    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  13824  2015-08-22 04:12:13    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Failure  12290  2015-08-22 13:14:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 13:14:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-22 13:15:40    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-22 13:15:40    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-22 13:16:40    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-22 13:16:40    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-22 13:18:08    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-22 13:18:08    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-22 13:18:10    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-22 13:18:10    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Failure  12290  2015-08-22 15:46:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 15:46:28    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 16:28:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 16:28:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 19:04:14    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-22 19:04:14    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 00:25:09    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 00:25:09    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 06:24:29    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 06:24:29    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 09:14:09    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 09:14:21    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 11:45:50    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 11:45:50    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 13:21:58    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 13:21:58    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-23 13:22:01    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-23 13:22:01    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Failure  12290  2015-08-23 15:38:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 15:38:05    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 17:09:46    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 17:09:46    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 18:18:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 18:18:47    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 19:54:50    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 19:54:50    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 21:05:15    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 21:05:16    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 22:17:52    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-23 22:17:52    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-24 06:49:01    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-24 06:49:01    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-24 20:00:56    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-24 20:00:56    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  13312  2015-08-27 16:42:13    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x148 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:13    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x154 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13573  2015-08-27 16:42:13    Microsoft-Windows-Security-Auditing  4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security  Audit Success  13312  2015-08-27 16:42:21    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d0 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:28    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x208 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d0 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:29    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x24c New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:29    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d0 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:29    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x260 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:29    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2ac New Process Name: ????????????????-??6??c?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  12288  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security  Audit Success  12544  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  13312  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e0 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f4 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13312  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2fc New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security  Audit Success  13568  2015-08-27 16:42:30    Microsoft-Windows-Security-Auditing  4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9020
Security  Audit Success  12544  2015-08-27 16:42:31    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:42:31    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-27 16:42:32    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:42:32    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1032f Linked Logon ID: 0x10359 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10359 Linked Logon ID: 0x1032f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1032f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10359 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security  Audit Success  12548  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 16:42:33    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  101  2015-08-27 16:42:35    Microsoft-Windows-Eventlog  1101: Audit events have been dropped by the transport. 0
Security  Audit Success  13826  2015-08-27 16:42:35    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12544  2015-08-27 16:42:36    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:42:36    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12292  2015-08-27 16:42:43    Microsoft-Windows-Security-Auditing  5033: The Windows Firewall Driver started successfully.
Security  Audit Success  12544  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x29047 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-27 16:42:44    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x640 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  13824  2015-08-27 16:42:45    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf4 Process Name: C:\Windows\System32\LogonUI.exe
Security  Audit Success  12292  2015-08-27 16:42:54    Microsoft-Windows-Security-Auditing  5024: The Windows Firewall service started successfully.
Security  Audit Success  12544  2015-08-27 16:43:05    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-27 16:43:05    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34997 Linked Logon ID: 0x349c9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:43:05    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x349c9 Linked Logon ID: 0x34997 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:43:05    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34997 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-27 16:43:05    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  12544  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security  Audit Success  12544  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c47 Linked Logon ID: 0x34c6f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c6f Linked Logon ID: 0x34c47 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12545  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34c6f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12545  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34c47 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security  Audit Success  12548  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c47 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13824  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: Gálffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security  Audit Success  13826  2015-08-27 16:43:06    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12544  2015-08-27 16:43:07    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:43:07    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Failure  12290  2015-08-27 16:43:09    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 16:43:10    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  13826  2015-08-27 16:43:13    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security  Audit Success  12544  2015-08-27 16:43:19    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:43:19    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-27 16:43:23    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x12dc Process Name: C:\Windows\System32\SearchIndexer.exe
Security  Audit Success  12544  2015-08-27 16:44:02    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:44:02    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-27 16:44:04    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 16:44:04    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Failure  12290  2015-08-27 16:52:57    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 16:52:58    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:02:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:02:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:02:28    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:02:28    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Administrator Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: DefaultAccount Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Guest Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xe64 Process Name: C:\Windows\explorer.exe
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Administrator Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: DefaultAccount Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Guest Target Account Domain: LAPTOP-5DNN8R19
Security  Audit Success  13824  2015-08-27 17:11:36    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xe64 Process Name: C:\Windows\explorer.exe
Security  Audit Failure  12290  2015-08-27 17:11:37    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:14:27    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:20    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:15:21    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Failure  12290  2015-08-27 17:24:00    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:24:01    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-27 17:35:37    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 17:35:37    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-27 17:35:38    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 17:35:38    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13568  2015-08-27 17:35:45    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x1868 Process Information: Process ID: 0x17c4 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16445_none_1161304761f67502\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  13568  2015-08-27 17:35:45    Microsoft-Windows-Security-Auditing  4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x18e0 Process Information: Process ID: 0x17c4 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16445_none_1161304761f67502\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security  Audit Success  12288  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:55.731530000Z New Time: 2015-08-27T14:35:46.950417600Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security  Audit Success  12288  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:46.954400700Z New Time: 2015-08-27T14:35:46.949000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security  Audit Success  12288  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:46.948448200Z New Time: 2015-08-27T14:35:46.944000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security  Audit Success  12544  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12544  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12548  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:35:46    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Failure  12290  2015-08-27 17:35:56    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Failure  12290  2015-08-27 17:35:57    Microsoft-Windows-Security-Auditing  5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security  Audit Success  12544  2015-08-27 17:45:12    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 17:45:12    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  12544  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security  Audit Success  12548  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security  Audit Success  13826  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13826  2015-08-27 17:45:13    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13824  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security  Audit Success  13826  2015-08-27 17:52:31    Microsoft-Windows-Security-Auditing  4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
System  Error  None  2015-08-20 18:33:07  galff  DCOM  10010: The server {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 00:25:01  SYSTEM  Microsoft-Windows-Kernel-Boot  16: The directory cannot be removed.
System  Warning  None  2015-08-21 00:25:10    ISH  1: Incorrect function.
System  Warning  212  2015-08-21 00:25:10  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System  Warning  212  2015-08-21 00:25:10  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System  Warning  212  2015-08-21 00:25:10  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System  Warning  212  2015-08-21 00:25:10  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System  Warning  212  2015-08-21 00:25:10  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System  Error  None  2015-08-21 00:25:18    EventLog  6008: The previous system shutdown at 8:17:39 PM on ?8/?16/?2015 was unexpected.
System  Error  None  2015-08-21 00:25:18    BugCheck  1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffe0019adfec20, 0xffffd0018ee5bad0, 0xffffe0019b526b80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082015-11031-01.
System  Warning  None  2015-08-21 00:25:19  LOCAL SERVICE  Microsoft-Windows-Time-Service  134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System  Warning  None  2015-08-21 00:25:20  LOCAL SERVICE  Microsoft-Windows-Time-Service  134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System  Error  None  2015-08-21 01:27:01    Service Control Manager  7031: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System  Error  None  2015-08-21 01:27:01    Service Control Manager  7031: The Contact Data_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System  Error  None  2015-08-21 01:27:01    Service Control Manager  7031: The User Data Storage_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System  Error  None  2015-08-21 01:27:01    Service Control Manager  7031: The User Data Access_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System  Error  None  2015-08-21 01:27:11    Service Control Manager  7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session2 service, but this action failed with the following error: %%1056
System  Error  None  2015-08-21 01:27:11    Service Control Manager  7009: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session2 service to connect.
System  Error  None  2015-08-21 01:27:11    Service Control Manager  7009: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session2 service to connect.
System  Warning  None  2015-08-21 01:28:17  SYSTEM  Microsoft-Windows-WLAN-AutoConfig  10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
System  Warning  None  2015-08-21 01:28:40    ISH  1: Incorrect function.
System  Warning  212  2015-08-21 01:28:46  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System  Warning  212  2015-08-21 01:28:46  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System  Warning  212  2015-08-21 01:28:46  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System  Warning  212  2015-08-21 01:28:46  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System  Warning  212  2015-08-21 01:28:46  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System  Warning  None  2015-08-21 01:51:47    Display  4101: Display driver igfxLP stopped responding and has successfully recovered.
System  Warning  None  2015-08-21 01:52:21    Display  4101: Display driver igfxLP stopped responding and has successfully recovered.
System  Warning  None  2015-08-21 02:12:10    Display  4101: Display driver igfxLP stopped responding and has successfully recovered.
System  Error  None  2015-08-21 02:19:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:19:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:19:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:19:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:01  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:08  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:08  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:09  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:09  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:09  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:09  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:10  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:10  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:10  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:10  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:10  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:11  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:11  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:11  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:11  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:12  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:12  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:12  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:12  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:13  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:13  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:13  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:13  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:13  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:14  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:14  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:14  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:14  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:15  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:15  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:15  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:15  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:15  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:16  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:16  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:16  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:16  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:17  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:17  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:17  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:17  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:18  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:18  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:18  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:18  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:37  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:38  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:38  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:38  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:39  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:39  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:39  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:39  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:40  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:40  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:43  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:43  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:43  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:43  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:43  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:44  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:44  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:44  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:44  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:45  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:45  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:45  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:45  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:46  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:46  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:46  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:46  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:47  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:47  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:47  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:47  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:20:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:07  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:07  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:07  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:21:07  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 02:24:11  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 07:25:56  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Warning  None  2015-08-21 11:57:09    Display  4101: Display driver igfxLP stopped responding and has successfully recovered.
System  Error  None  2015-08-21 12:09:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:48  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:49  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:50  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:52  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:53  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:54  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:55  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:56  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:57  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:58  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:09:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:01  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:01  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:01  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:01  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:05  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 12:10:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 16:48:04  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 17:09:57  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 21:52:48  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-21 22:12:28  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:29:40  NETWORK SERVICE  DCOM  10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System  Error  None  2015-08-22 01:44:51  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:44:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:44:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:44:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:44:59  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:00  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:02  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:03  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:04  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:06  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 01:45:08  galff  DCOM  10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 13:14:46    Service Control Manager  7023: The Data Sharing Service service terminated with the following error: %%3239247876
System  Error  None  2015-08-22 13:19:46    Service Control Manager  7023: The Data Sharing Service service terminated with the following error: %%3239247876
System  Error  None  2015-08-22 13:19:46    Service Control Manager  7023: The Data Sharing Service service terminated with the following error: %%3239247876
System  Error  None  2015-08-22 13:19:46    Service Control Manager  7023: The Data Sharing Service service terminated with the following error: %%3239247876
System  Error  None  2015-08-22 13:46:17  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 13:47:52  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 14:30:43  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 14:32:18  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 15:15:08  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 15:16:43  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-22 15:31:54  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-23 13:21:59  NETWORK SERVICE  DCOM  10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System  Error  None  2015-08-23 18:30:18  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-23 23:36:52  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-24 04:39:42  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Error  None  2015-08-25 04:30:24  SYSTEM  DCOM  10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System  Warning  None  2015-08-26 23:40:43    HID_PCI  4: The system cannot open the file.
System  Warning  None  2015-08-26 23:40:43    HID_PCI  4: The system cannot open the file.
System  Warning  None  2015-08-26 23:40:43    HID_PCI  4: The system cannot open the file.
System  Warning  None  2015-08-26 23:40:43    HID_PCI  4: The system cannot open the file.
System  Warning  None  2015-08-26 23:40:43    HID_PCI  4: The system cannot open the file.
System  Error  None  2015-08-27 16:42:07  SYSTEM  Microsoft-Windows-Kernel-Boot  16: The directory cannot be removed.
System  Warning  None  2015-08-27 16:42:26    ISH  1: Incorrect function.
System  Warning  212  2015-08-27 16:42:27  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System  Warning  212  2015-08-27 16:42:27  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System  Warning  212  2015-08-27 16:42:27  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System  Warning  212  2015-08-27 16:42:27  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System  Warning  212  2015-08-27 16:42:27  SYSTEM  Microsoft-Windows-Kernel-PnP  219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System  Error  None  2015-08-27 16:42:34    EventLog  6008: The previous system shutdown at 22:04:39 on ?26/?08/?2015 was unexpected.
System  Error  None  2015-08-27 16:42:39    BugCheck  1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffe000d28e6a00, 0xfffff802308e3ad0, 0xffffe000d2f2a010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082715-28140-01.
System  Error  None  2015-08-27 16:44:04  NETWORK SERVICE  DCOM  10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System  Error  None  2015-08-27 16:44:32  LOCAL SERVICE  DCOM  10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Database Software

 
Database Drivers:
Borland Database Engine  -
Borland InterBase Client  -
Easysoft ODBC-InterBase 6  -
Easysoft ODBC-InterBase 7  -
Firebird Client  -
Jet Engine  4.00.9765.0
MDAC  10.0.10240.16384 (th1.150709-1700)
ODBC  10.0.10240.16384 (th1.150709-1700)
MySQL Connector/ODBC  -
Oracle Client  -
PsqlODBC  -
Sybase ASE ODBC  -
 
Database Servers:
Borland InterBase Server  -
Firebird Server  -
Microsoft SQL Server  -
Microsoft SQL Server Compact Edition  -
Microsoft SQL Server Express Edition  -
MySQL Server  -
Oracle Server  -
PostgreSQL Server  -
Sybase SQL Server  -


ODBC Drivers

 
Driver Description  File Name  Version  File Extensions Supported
Driver da Microsoft para arquivos texto (*.txt; *.csv)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.,*.asc,*.csv,*.tab,*.txt,*.csv
Driver do Microsoft Access (*.mdb)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.mdb
Driver do Microsoft dBase (*.dbf)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.dbf,*.ndx,*.mdx
Driver do Microsoft Excel(*.xls)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.xls
Driver do Microsoft Paradox (*.db )  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.db
Microsoft Access Driver (*.mdb)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.mdb
Microsoft Access-Treiber (*.mdb)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.mdb
Microsoft dBase Driver (*.dbf)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.dbf,*.ndx,*.mdx
Microsoft dBase-Treiber (*.dbf)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.dbf,*.ndx,*.mdx
Microsoft Excel Driver (*.xls)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.xls
Microsoft Excel-Treiber (*.xls)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.xls
Microsoft ODBC for Oracle  msorcl32.dll  10.0.10240.16384 (th1.150709-1700)  
Microsoft Paradox Driver (*.db )  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.db
Microsoft Paradox-Treiber (*.db )  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.db
Microsoft Text Driver (*.txt; *.csv)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.,*.asc,*.csv,*.tab,*.txt,*.csv
Microsoft Text-Treiber (*.txt; *.csv)  odbcjt32.dll  10.0.10240.16384 (th1.150709-1700)  *.,*.asc,*.csv,*.tab,*.txt,*.csv
SQL Server  sqlsrv32.dll  10.0.10240.16384 (th1.150709-1700)  


Memory Read

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Read Speed
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  111449 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  77243 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  67619 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  52396 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  45162 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  42431 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  37831 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  26428 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  26020 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  23559 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  23218 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  23157 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  21726 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  21404 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  21284 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  21210 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  21110 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  21006 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  19763 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  19552 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  18834 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  17639 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  16638 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  14730 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  13453 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  13118 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  11534 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  11178 MB/s
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  10129 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  10112 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  9714 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  9037 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  8716 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  8709 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  8366 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  8096 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  7965 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  7646 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  7627 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  7616 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  6989 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  6593 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  6414 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  6206 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  6104 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  6082 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  6009 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  5353 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  4539 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  3967 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  3907 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  3672 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  3593 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  3362 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  3323 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  2919 MB/s


Memory Write

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Write Speed
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  93980 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  77060 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  57844 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  52243 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  45588 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  45249 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  27392 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  24093 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  23672 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  23649 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  19528 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  18063 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  17607 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  17088 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  16673 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  14866 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  14492 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  13215 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  12776 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  12328 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  11995 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  10777 MB/s
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  10221 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  10154 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  9970 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  9937 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  8869 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  8662 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  7913 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  7779 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  7115 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  7091 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  7083 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  6733 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  5762 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  5654 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  5639 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  5504 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  5461 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  4869 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  4856 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  4712 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  4694 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  4260 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  4220 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  4117 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  4093 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  4029 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  3800 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  3568 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  3159 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  2831 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  2796 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  2474 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  2348 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  2337 MB/s


Memory Copy

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Copy Speed
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  104205 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  69009 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  67052 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  50043 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  44987 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  42150 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  34882 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  24509 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  23799 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  22896 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  22772 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  21695 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  21530 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  21283 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  20802 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  17897 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  17836 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  17735 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  17362 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  17174 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  16882 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  15347 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  13993 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  13993 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  12444 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  11945 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  11370 MB/s
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  10839 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  9671 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  9468 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  9054 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  8216 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  7792 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  7740 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  7403 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  6881 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  6774 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  6282 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  6139 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  5921 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  5551 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  5396 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  5284 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  4951 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  4891 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  4764 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  4572 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  4213 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  4195 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  3673 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  3270 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  3147 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  3051 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  3009 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  2987 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  2578 MB/s


Memory Latency

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Latency
Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  55.2 ns
Core i7-3770K  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  57.5 ns
Xeon E3-1245 v3  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  57.9 ns
Core i7-4770  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  58.3 ns
A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  59.6 ns
FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  60.3 ns
FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  61.4 ns
A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  62.0 ns
Core i7-4930K  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  62.1 ns
Core i7-965 Extreme  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  62.9 ns
Core i7-2600  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  66.7 ns
Core i7-990X Extreme  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  67.1 ns
Core i7-3960X Extreme  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  67.5 ns
Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  69.6 ns
Xeon X5550  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  70.3 ns
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  72.4 ns
Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  74.1 ns
Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  74.2 ns
Core i7-5820K  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  74.4 ns
A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  75.9 ns
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  77.0 ns
Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  77.9 ns
Pentium EE 955  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  78.0 ns
Xeon E5-2670  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  79.6 ns
A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  79.6 ns
Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  79.9 ns
Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  81.2 ns
P4EE  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  82.4 ns
Xeon E5-2660 v3  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  83.9 ns
Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  87.0 ns
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  88.2 ns
Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  88.6 ns
Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  89.9 ns
Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  91.3 ns
Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  93.2 ns
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  93.7 ns
Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  99.1 ns
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  99.5 ns
Core i5-650  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  100.3 ns
Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  101.4 ns
Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  103.9 ns
Atom 230  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  105.7 ns
E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  107.0 ns
Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  111.9 ns
Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  113.3 ns
Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  114.8 ns
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  120.0 ns
Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  124.4 ns
Xeon  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  124.7 ns
Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  127.8 ns
Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  128.3 ns
Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  129.7 ns
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  138.4 ns
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  153.7 ns
Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  159.0 ns
Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  162.5 ns


CPU Queen

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  147245
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  100531
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  62643
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  62484
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  59940
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  56836
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  53879
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  53544
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  47291
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  46747
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  45915
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  43907
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  42550
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  41740
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  37778
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  36089
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  34010
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  32366
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  31680
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  30784
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  26997
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  25523
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  22162
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  22013
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  21945
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  21896
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  21655
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  21434
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  21225
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  20154
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  19397
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  19226
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  18012
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  16788
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  16094
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  14695
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  12584
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  12140
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  11236
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  9614
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  7485
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  7304
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  7300
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  5904
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  5452
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  5164
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  4879
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  4086
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  4021
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  3855
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  3791
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  3514
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  3301
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  2814
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  2586
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  1839


CPU PhotoWorxx

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  62186 MPixel/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  38725 MPixel/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  35478 MPixel/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  25266 MPixel/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  23599 MPixel/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  22806 MPixel/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  20428 MPixel/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  14178 MPixel/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  14090 MPixel/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  14001 MPixel/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  12962 MPixel/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  12477 MPixel/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  12457 MPixel/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  11872 MPixel/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  11495 MPixel/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  11115 MPixel/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  10673 MPixel/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  9603 MPixel/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  9078 MPixel/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  8913 MPixel/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  8886 MPixel/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  8581 MPixel/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  8064 MPixel/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  6975 MPixel/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  6862 MPixel/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  6131 MPixel/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  5627 MPixel/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  5276 MPixel/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  4730 MPixel/s
4x Atom x5-Z8500  1833 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  4214 MPixel/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  4183 MPixel/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  4179 MPixel/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  3840 MPixel/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  3707 MPixel/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  3462 MPixel/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  3041 MPixel/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  3025 MPixel/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  2926 MPixel/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  2793 MPixel/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  2536 MPixel/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  2390 MPixel/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  2147 MPixel/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  1936 MPixel/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  1904 MPixel/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  1895 MPixel/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  1864 MPixel/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  1852 MPixel/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  1850 MPixel/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  1844 MPixel/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  1676 MPixel/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  1224 MPixel/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  1167 MPixel/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  1100 MPixel/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  1099 MPixel/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  879 MPixel/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  826 MPixel/s


CPU ZLib

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  1238.7 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  975.4 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  672.7 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  455.0 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  444.5 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  436.1 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  366.5 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  358.7 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  358.1 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  346.1 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  320.0 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  317.2 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  308.6 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  289.2 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  281.4 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  276.3 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  256.7 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  244.3 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  222.7 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  209.2 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  189.4 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  183.0 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  174.8 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  174.3 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  167.7 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  154.7 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  153.2 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  152.5 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  136.2 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  117.7 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  112.5 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  108.3 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  105.8 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  97.1 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  95.6 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  82.8 MB/s
4x Atom x5-Z8500  2000 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  75.1 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  75.0 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  73.7 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  59.6 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  57.8 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  57.5 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  47.3 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  41.5 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  33.3 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  32.9 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  32.2 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  31.6 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  30.8 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  24.3 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  22.8 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  20.3 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  18.5 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  17.4 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  16.3 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  15.2 MB/s


CPU AES

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  65839 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  46884 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  38007 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  23204 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  21097 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  21094 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  17312 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  16800 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  16333 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  15406 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  14455 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  13681 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  12247 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  9124 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  8465 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  8460 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  6532 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  4053 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  3782 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  2908 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  1930 MB/s
4x Atom x5-Z8500  2083 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  1549 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  1447 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  1332 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  1286 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  1212 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  1153 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  913 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  802 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  790 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  789 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  721 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  651 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  587 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  566 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  524 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  493 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  473 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  421 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  387 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  311 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  277 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  274 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  269 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  245 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  242 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  184 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  153 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  148 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  144 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  131 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  109 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  105 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  98 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  84 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  44 MB/s


CPU Hash

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  14804 MB/s
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  9056 MB/s
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  8724 MB/s
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  5231 MB/s
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  4783 MB/s
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  4368 MB/s
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  4104 MB/s
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  3924 MB/s
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  3786 MB/s
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  3679 MB/s
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  3674 MB/s
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  3604 MB/s
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  3304 MB/s
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  3188 MB/s
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  3137 MB/s
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  3094 MB/s
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  2995 MB/s
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  2621 MB/s
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  2544 MB/s
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  2345 MB/s
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  2242 MB/s
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  2159 MB/s
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  1989 MB/s
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  1986 MB/s
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  1965 MB/s
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  1942 MB/s
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  1936 MB/s
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  1914 MB/s
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  1680 MB/s
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  1677 MB/s
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  1464 MB/s
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  1441 MB/s
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  1101 MB/s
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  998 MB/s
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  980 MB/s
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  976 MB/s
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  969 MB/s
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  925 MB/s
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  911 MB/s
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  828 MB/s
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  809 MB/s
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  730 MB/s
4x Atom x5-Z8500  2083 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  708 MB/s
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  641 MB/s
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  548 MB/s
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  489 MB/s
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  443 MB/s
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  427 MB/s
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  350 MB/s
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  336 MB/s
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  326 MB/s
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  306 MB/s
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  251 MB/s
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  246 MB/s
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  245 MB/s
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  162 MB/s


FPU VP8

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  6751
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  6650
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  6539
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  6391
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  6381
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  6367
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  6350
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  6307
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  5592
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  5279
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  4981
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  4943
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  4777
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  4589
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  4583
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  3973
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  3920
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  3864
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  3766
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  3654
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  3623
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  3304
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  3294
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  3238
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  3166
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  3145
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  3141
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  3070
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  2707
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  2499
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  2448
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  2402
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  2382
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  2369
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  2112
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  1816
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  1786
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  1779
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  1687
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  1638
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  1352
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  1215
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  1189
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  1108
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  1057
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  954
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  850
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  803
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  796
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  689
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  685
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  661
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  613
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  586
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  511
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  487


FPU Julia

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  105781
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  62590
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  40502
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  30193
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  28480
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  26953
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  26917
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  26898
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  19516
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  18457
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  18309
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  17993
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  17671
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  15300
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  13504
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  12634
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  12208
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  11912
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  11125
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  8956
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  8747
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  8681
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  8201
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  8070
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  7608
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  7438
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  6999
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  6474
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  6411
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  6207
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  5587
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  5579
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  5551
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  5235
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  4059
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  3534
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  3286
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  3079
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  2440
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  2393
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  2309
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  2053
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  1988
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  1865
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  1342
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  1308
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  1117
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  958
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  911
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  896
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  893
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  792
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  702
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  641
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  589
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  513


FPU Mandel

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  54521
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  33143
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  21649
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  15402
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  15100
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  14429
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  14418
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  14253
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  10344
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  9777
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  9318
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  8672
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  8614
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  8066
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  6901
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  6434
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  6211
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  6094
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  5395
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  4626
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  4418
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  4333
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  4179
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  3973
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  3874
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  3474
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  3308
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  3228
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  3176
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  2982
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  2889
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  2840
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  2676
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  2335
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  1823
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  1626
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  1482
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  1449
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  1383
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  1182
4x Atom x5-Z8500  2166 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  1166
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  1062
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  1051
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  856
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  795
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  688
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  494
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  476
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  458
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  427
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  404
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  402
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  359
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  328
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  263
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  193


FPU SinJulia

 
CPU  CPU Clock  Motherboard  Chipset  Memory  CL-RCD-RP-RAS  Score
20x Xeon E5-2660 v3 HT  2600 MHz  Supermicro X10DRi  C612  Octal DDR4-1866  13-13-13-31 CR1  18482
16x Xeon E5-2670 HT  2600 MHz  Supermicro X9DR6-F  C600  Octal DDR3-1333  9-9-9-24 CR1  16035
6x Core i7-990X Extreme HT  3466 MHz  Intel DX58SO2  X58  Triple DDR3-1333  9-9-9-24 CR1  7471
6x Core i7-4930K HT  3400 MHz  Gigabyte GA-X79-UD3  X79  Quad DDR3-1866  9-10-9-27 CR2  7274
6x Core i7-3960X Extreme HT  3300 MHz  Intel DX79SI  X79  Quad DDR3-1600  9-9-9-24 CR2  7214
8x Xeon X5550 HT  2666 MHz  Supermicro X8DTN+  i5520  Hexa DDR3-1333  9-9-9-24 CR1  6993
32x Opteron 6274  2200 MHz  Supermicro H8DGI-F  SR5690  Octal DDR3-1600R  11-11-11-28 CR1  6822
6x Core i7-5820K HT  3300 MHz  Gigabyte GA-X99-UD4  X99  Quad DDR4-2133  15-15-15-36 CR2  6513
4x Core i7-3770K HT  3500 MHz  MSI Z77A-GD55  Z77 Int.  Dual DDR3-1600  9-9-9-24 CR2  4984
4x Core i7-4770 HT  3400 MHz  Intel DZ87KLT-75K  Z87 Int.  Dual DDR3-1600  9-9-9-27 CR2  4716
4x Core i7-2600 HT  3400 MHz  Asus P8P67  P67  Dual DDR3-1333  9-9-9-24 CR1  4679
12x Opteron 2431  2400 MHz  Supermicro H8DI3+-F  SR5690  Unganged Quad DDR2-800R  6-6-6-18 CR1  4658
4x Core i7-965 Extreme HT  3200 MHz  Asus P6T Deluxe  X58  Triple DDR3-1333  9-9-9-24 CR1  4587
4x Xeon E3-1245 v3 HT  3400 MHz  Supermicro X10SAE  C226 Int.  Dual DDR3-1600  11-11-11-28 CR1  4583
8x Xeon E5462  2800 MHz  Intel S5400SF  i5400  Quad DDR2-640FB  5-5-5-15  4132
6x Phenom II X6 Black 1100T  3300 MHz  Gigabyte GA-890GPA-UD3H v2  AMD890GX Int.  Unganged Dual DDR3-1333  9-9-9-24 CR2  3213
8x Opteron 2378  2400 MHz  Tyan Thunder n3600R  nForcePro-3600  Unganged Quad DDR2-800R  6-6-6-18 CR1  3101
8x FX-8350  4000 MHz  Asus M5A99X Evo R2.0  AMD990X  Dual DDR3-1866  9-10-9-27 CR2  2833
8x FX-8150  3600 MHz  Asus M5A97  AMD970  Dual DDR3-1866  9-10-9-27 CR2  2645
8x Xeon L5320  1866 MHz  Intel S5000VCL  i5000V  Dual DDR2-533FB  4-4-4-12  2590
2x Core i5-650 HT  3200 MHz  Supermicro C7SIM-Q  Q57 Int.  Dual DDR3-1333  9-9-9-24 CR1  2306
4x Xeon X3430  2400 MHz  Supermicro X8SIL-F  i3420  Dual DDR3-1333  9-9-9-24 CR1  2268
4x Core 2 Extreme QX9650  3000 MHz  Gigabyte GA-EP35C-DS3R  P35  Dual DDR3-1066  8-8-8-20 CR2  2219
8x Opteron 2344 HE  1700 MHz  Supermicro H8DME-2  nForcePro-3600  Unganged Quad DDR2-667R  5-5-5-15 CR1  2210
8x Atom C2750  2400 MHz  Supermicro A1SAi-2750F  Avoton  Dual DDR3-1600  11-11-11-28 CR1  2042
4x Phenom II X4 Black 940  3000 MHz  Asus M3N78-EM  GeForce8300 Int.  Ganged Dual DDR2-800  5-5-5-18 CR2  1934
4x A8-3850  2900 MHz  Gigabyte GA-A75M-UD2H  A75 Int.  Dual DDR3-1333  9-9-9-24 CR1  1872
4x Core 2 Extreme QX6700  2666 MHz  Intel D975XBX2  i975X  Dual DDR2-667  5-5-5-15  1856
4x Xeon 5140  2333 MHz  Intel S5000VSA  i5000V  Dual DDR2-667FB  5-5-5-15  1618
4x A10-7850K  3700 MHz  Gigabyte GA-F2A88XM-D3H  A88X Int.  Dual DDR3-2133  9-11-10-31 CR2  1481
4x A10-6800K  4100 MHz  Gigabyte GA-F2A85X-UP4  A85X Int.  Dual DDR3-2133  9-11-10-27 CR2  1480
4x Phenom X4 9500  2200 MHz  Asus M3A  AMD770  Ganged Dual DDR2-800  5-5-5-18 CR2  1421
4x A10-5800K  3800 MHz  Asus F2A55-M  A55 Int.  Dual DDR3-1866  9-10-9-27 CR2  1377
4x Athlon 5350  2050 MHz  ASRock AM1B-ITX  Yangtze Int.  DDR3-1600 SDRAM  11-11-11-28 CR2  1260
4x Opteron 2210 HE  1800 MHz  Tyan Thunder h2000M  BCM5785  Quad DDR2-600R  5-5-5-15 CR1  1178
2x Athlon64 X2 Black 6400+  3200 MHz  MSI K9N SLI Platinum  nForce570SLI  Dual DDR2-800  4-4-4-11 CR1  1049
2x Core 2 Extreme X6800  2933 MHz  Abit AB9  P965  Dual DDR2-800  5-5-5-18 CR2  1021
2x Pentium EE 955 HT  3466 MHz  Intel D955XBK  i955X  Dual DDR2-667  4-4-4-11  960
Celeron J1900  2000 MHz  Gigabyte GA-J1900N-D3V  BayTrailD Int.  Dual DDR3-1333  9-9-9-24 CR1  948
2x Xeon HT  3400 MHz  Intel SE7320SP2  iE7320  Dual DDR333R  2.5-3-3-7  942
4x Atom x5-Z8500  2233 MHz  ASUSTeK COMPUTER INC. T100HAN  CherryTrail Int.  Dual DDR3-1600  12-15-20-34 CR1  857
2x Core 2 Duo P8400  2266 MHz  MSI MegaBook PR201  GM45 Int.  Dual DDR2-667  5-5-5-15  835
2x Athlon64 X2 4000+  2100 MHz  ASRock ALiveNF7G-HDready  nForce7050-630a Int.  Dual DDR2-700  5-5-5-18 CR2  685
P4EE HT  3733 MHz  Intel SE7230NH1LX  iE7230  Dual DDR2-667  5-5-5-15  516
2x E-350  1600 MHz  ASRock E350M1  A50M Int.  DDR3-1066 SDRAM  8-8-8-20 CR1  505
2x Opteron 240  1400 MHz  MSI K8D Master3-133 FS  AMD8100  Quad DDR400R  3-4-4-8 CR1  457
2x Pentium D 820  2800 MHz  Abit Fatal1ty F-I90HD  RS600 Int.  Dual DDR2-800  5-5-5-18 CR2  452
Opteron 248  2200 MHz  MSI K8T Master1-FAR  K8T800  Dual DDR266R  2-3-3-6 CR1  359
Athlon64 3200+  2000 MHz  ASRock 939S56-M  SiS756  Dual DDR400  2.5-3-3-8 CR2  327
Nano X2 L4350  1600 MHz  VIA EPIA-M900  VX900H Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  284
Celeron 420  1600 MHz  Intel DQ965GF  Q965 Int.  Dual DDR2-667  5-5-5-15  277
2x Atom D2500  1866 MHz  Intel D2500CC  NM10 Int.  DDR3-1066 SDRAM  7-7-7-20 CR2  262
Sempron 2600+  1600 MHz  ASRock K8NF4G-SATA2  GeForce6100 Int.  DDR400 SDRAM  2.5-3-3-8 CR2  262
Atom 230 HT  1600 MHz  Intel D945GCLF  i945GC Int.  DDR2-533 SDRAM  4-4-4-12  205
Celeron D 326  2533 MHz  ASRock 775Twins-HDTV  RC410 Ext.  DDR2-533 SDRAM  4-4-4-11  203
Nano L2200  1600 MHz  VIA VB8001  CN896 Int.  DDR2-667 SDRAM  5-5-5-15 CR2  131


Debug - PCI

 
B00 D00 F00:  Intel Cherry Trail / Braswell SoC - Transaction Router
  
Offset 000:  86 80 80 22 07 00 00 00 20 00 00 06 00 00 00 00
Offset 010:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 040:  12 83 01 00 9F FF 07 80 12 83 01 00 00 00 00 00
Offset 050:  02 81 00 00 02 81 00 00 02 81 00 00 00 00 00 00
Offset 060:  02 83 01 00 9F FF 07 80 12 83 01 00 00 00 00 00
Offset 070:  02 83 01 00 9F FF 07 80 02 83 01 00 00 00 00 00
Offset 080:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0A0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  00 00 00 00 03 00 00 03 00 00 00 00 00 00 00 00
Offset 0E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  01 10 34 00 00 00 00 00 00 00 00 00 00 00 00 00
 
B00 D02 F00:  Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
  
Offset 000:  86 80 B0 22 07 04 10 00 20 00 00 03 00 00 00 00
Offset 010:  04 00 00 90 00 00 00 00 0C 00 00 80 00 00 00 00
Offset 020:  01 F0 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 D0 00 00 00 00 00 00 00 00 01 00 00
Offset 040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 050:  09 02 00 00 00 00 00 00 00 00 00 00 01 00 C0 7C
Offset 060:  00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  01 00 80 7C 07 00 00 00 00 00 00 00 00 00 00 00
Offset 080:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 090:  05 B0 01 00 0C F0 E0 FE 54 49 00 00 00 00 00 00
Offset 0A0:  00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00
Offset 0B0:  09 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  01 90 22 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0E0:  00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  00 00 00 00 00 00 00 00 00 00 00 00 00 10 DA 7A
 
B00 D0A F00:  Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
  
Offset 000:  86 80 D8 22 06 00 10 00 20 00 00 00 10 00 00 00
Offset 010:  00 F0 BF DF 00 00 00 00 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 80 00 00 00 00 00 00 00 14 01 00 00
Offset 040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 050:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 060:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 080:  01 00 03 00 08 00 00 00 00 00 00 00 00 00 00 00
Offset 090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0A0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00
 
B00 D0B F00:  Intel Cherry Trail / Braswell SoC - P-Unit
  
Offset 000:  86 80 DC 22 06 04 10 00 20 00 80 11 00 00 00 00
Offset 010:  04 E0 BF DF 00 00 00 00 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00
Offset 040:  05 50 01 00 0C F0 E0 FE 95 49 00 00 00 00 00 00
Offset 050:  01 00 03 00 08 00 00 00 00 00 00 00 00 00 00 00
Offset 060:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 080:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0A0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00
 
B00 D14 F00:  Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
  
Offset 000:  86 80 B5 22 06 04 90 02 20 30 03 0C 00 00 00 00
Offset 010:  04 00 80 91 00 00 00 00 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 70 00 00 00 00 00 00 00 00 01 00 00
Offset 040:  FD 01 34 80 8F C6 CF 83 00 00 00 00 00 00 00 00
Offset 050:  3F 6D DF 0F 00 00 00 00 00 00 00 00 00 00 00 00
Offset 060:  30 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  01 80 C2 C1 08 01 00 00 00 00 00 00 00 00 00 00
Offset 080:  05 00 87 00 0C F0 E0 FE 00 00 00 00 A4 49 00 00
Offset 090:  09 00 14 F0 10 00 40 01 00 00 00 00 C1 0A 08 00
Offset 0A0:  00 08 04 00 00 18 00 00 8F 40 02 00 00 01 04 00
Offset 0B0:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00
 
B00 D1A F00:  Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
  
Offset 000:  86 80 98 22 00 05 10 00 20 00 80 10 10 00 00 00
Offset 010:  00 00 70 91 00 00 60 91 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 80 00 00 00 00 00 00 00 00 01 00 00
Offset 040:  D5 00 00 1F 00 48 11 80 0E 00 00 69 00 00 00 00
Offset 050:  41 00 F0 3E 04 01 00 00 00 00 00 00 00 00 00 00
Offset 060:  00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 080:  01 A0 03 48 0B 01 00 00 FF 00 00 00 01 00 00 00
Offset 090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0A0:  05 00 00 00 0C F0 E0 FE 94 49 00 00 00 00 00 00
Offset 0B0:  00 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  09 10 00 00 00 00 D0 7E 00 00 20 01 00 00 00 00
Offset 0D0:  09 10 00 00 00 00 F0 7F 00 10 00 00 00 00 00 00
Offset 0E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00
 
B00 D1F F00:  Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
  
Offset 000:  86 80 9C 22 07 00 10 02 20 00 01 06 00 00 80 00
Offset 010:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 020:  00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
Offset 030:  00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
Offset 040:  03 04 00 00 02 30 D0 FE 01 00 00 00 02 00 D8 FE
Offset 050:  02 80 D0 FE 02 10 D0 FE 02 00 A0 FE 02 60 D0 FE
Offset 060:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 070:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 080:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 090:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0A0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0D0:  00 00 00 00 00 00 00 00 CF FF 00 00 00 00 00 00
Offset 0E0:  09 00 0C 10 00 00 00 00 00 00 00 00 00 00 00 00
Offset 0F0:  01 C0 D1 FE 00 00 00 00 1C 0F 20 04 03 03 00 00
 
PCI-8086-229C:  Intel BSW/CHT PUBAR @ FED06000h
  
Offset 00:  00 00 00 00 00 00 00 8C 00 00 00 00 00 00 00 00
Offset 10:  00 00 00 00 03 01 00 00 10 00 8F 32 86 01 0A 00
Offset 20:  08 01 00 00 10 01 00 00 06 01 00 00 43 10 DD 1B
Offset 30:  00 00 00 00 00 00 00 00 00 28 90 51 00 00 00 00
Offset 40:  00 02 00 00 EB 80 01 00 E4 27 00 00 06 18 00 00
Offset 50:  FF 03 00 00 71 07 00 00 F4 18 01 00 03 00 04 89
Offset 60:  00 82 00 00 00 82 00 00 02 82 01 00 16 82 00 00
Offset 70:  FF FF FF 00 00 00 00 00 0F 00 00 00 FF 00 00 00
Offset 80:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 90:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00
Offset A0:  00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset C0:  FF FF FF FF FF FF FF FF 03 00 00 03 00 00 00 00
Offset D0:  FF FF FF FF FF FF FF FF FC 0B 3C 0B FF FF FF FF
Offset E0:  FF FF FF FF 03 00 00 03 1F 00 00 1F 00 00 00 00
Offset F0:  FF FF FF FF FF FF FF FF 00 00 00 00 FF FF FF FF
Offset 100:  A7 09 00 00 8F 09 00 00 89 09 00 00 53 00 00 00
Offset 110:  8A FC 08 1B FF FF FF FF FF FF FF FF A0 88 00 00
Offset 120:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 130:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 140:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 150:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 160:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 170:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 180:  FF FF FF FF 0F FC FF 03 00 00 00 00 00 00 00 00
Offset 190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1A0:  00 00 00 00 00 00 00 00 00 00 00 00 E0 2F 00 00
Offset 1B0:  38 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00
Offset 1C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1D0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1F0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 200:  08 07 03 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 210:  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF
Offset 220:  00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00
Offset 230:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 240:  EB 02 15 1D 57 7A CD 42 EB E5 EA 18 89 76 8C 1B
Offset 250:  DB 46 87 8E 10 01 00 00 FF FF FF FF FF FF FF FF
Offset 260:  20 00 80 22 14 8E C0 0B D4 05 00 00 00 00 00 00
Offset 270:  00 00 00 00 14 8E C0 0B D4 05 00 00 00 00 00 00
Offset 280:  4C 0E CD DC D7 05 00 00 FF FF FF FF FF FF FF FF
Offset 290:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 2A0:  78 7C 04 4B 00 00 00 00 00 00 00 00 00 00 00 00
Offset 2B0:  00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 00
Offset 2C0:  03 00 00 00 94 95 8C 00 00 00 00 00 00 00 00 00
Offset 2D0:  00 04 03 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 2E0:  08 08 06 00 08 08 06 00 08 08 06 00 00 00 00 00
Offset 2F0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 300:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 310:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 320:  00 00 00 00 00 04 00 00 00 00 00 00 FF FF FF FF
Offset 330:  FF FF FF FF FF FF FF FF B7 58 D1 E1 67 00 00 00
Offset 340:  00 00 00 00 00 00 00 00 FF 66 0A 00 14 00 00 00
Offset 350:  3C 00 00 00 00 00 00 4F 00 00 00 00 00 00 00 00
Offset 360:  10 3C 00 00 CF 0E 00 00 00 00 00 00 00 00 00 00
Offset 370:  00 00 00 00 31 69 BF E0 67 00 00 00 3C 28 00 00
Offset 380:  FF FF FF FF 00 00 00 00 00 00 00 00 BE AD 00 00
Offset 390:  0E AC 00 00 A2 AB 00 00 D7 05 00 00 72 BE 7C E1
Offset 3A0:  00 00 00 00 00 00 00 00 00 00 00 00 74 AB 64 0B
Offset 3B0:  D4 05 00 00 FF FF FF FF FF FF FF FF 00 00 00 00
Offset 3C0:  00 00 00 00 FF FF FF FF FF FF FF FF 96 01 01 00
Offset 3D0:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 3E0:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 3F0:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 400:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 410:  00 5A 0F 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 420:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 430:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 440:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 450:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 460:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 470:  00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF
Offset 480:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 490:  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF
Offset 4A0:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 4B0:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 4C0:  02 00 00 00 10 00 20 00 30 00 40 00 50 00 60 00
Offset 4D0:  70 00 FF 00 4C 29 00 00 28 3C 3C 3C 28 14 90 51
Offset 4E0:  53 03 CB 01 00 00 00 00 00 00 00 00 16 95 01 00
Offset 4F0:  00 00 00 00 00 00 12 0C 00 00 00 00 00 00 00 00
Offset 500:  00 00 00 00 00 00 00 00 A0 62 00 00 AF 9F B1 03
Offset 510:  00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
Offset 520:  43 10 DD 1B FF FF FF FF FF FF FF FF FF FF FF FF
Offset 530:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 540:  58 00 00 00 1F 32 1F 14 C0 4B 03 00 C0 4B 03 00
Offset 550:  00 00 00 00 30 02 30 02 30 02 30 02 00 00 00 00
Offset 560:  00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
Offset 570:  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Offset 580:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 590:  00 00 00 00 00 00 00 00 00 00 00 00 02 00 10 02
 
PCI-8086-22B0:  Intel BSW/CHT iGPU MMIO @ 90000000h
  
Offset 182000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182010:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182020:  00 00 00 00 00 00 00 00 E1 03 00 00 00 00 00 00
Offset 182030:  76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182050:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182060:  00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182070:  00 00 01 00 17 80 02 00 00 00 00 00 00 00 00 00
Offset 182080:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1820A0:  A0 04 02 00 00 00 00 00 1F FB FD FF 00 00 04 00
Offset 1820B0:  00 00 00 00 71 00 00 00 01 00 00 00 00 00 00 00
Offset 1820C0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1820D0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1820E0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 1820F0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182100:  F0 04 06 00 38 D5 2A DE CE 00 00 00 00 00 00 00
Offset 182110:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182120:  01 80 BF 7E 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182130:  50 00 40 00 00 00 00 80 31 03 00 20 00 00 00 00
Offset 182140:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Offset 182150:  00 00 00 00 00 00 00 00 00 00 00 00 77 A3 A3 00
Offset 182160:  E0 E1 01 00 00 00 00 00 00 00 88 88 F2 D5 77 5C
Offset 182170:  12 12 12 00 00 00 00 00 00 00 00 00 00 00 00 00


Debug - Video BIOS

 
C000:0000  %.....`....u6F.\.V.R..[.7.t....#..'>..V.z...^.+..0..9..y.....#xn
C000:0040  -.........TW6F...VMp..).7.".......S...,.z...^.Y".0K.9........#..
C000:0080  ......f..8;e*N.X.K.\.R....-..p.G..7n.KR.i5..Z.).....m..+.......?
C000:00C0  F......,.:oG*N...K.|.R.[..:.p....dL.K0Gi5..Z.[t....m.....P.....
C000:0100  .^0...St....2...R.F..z.Ba._.......g,.j.J.....ywC3.v.....QS......
C000:0140  ..f...!...].2...R....z..a......1..1..j.......y..3. 9..p..S.p.<.x
C000:0180  .N)...Uv..2.....Q.....n..8.e4N..1.w|.....W.R..u.cu.CX](.r.V...J.
C000:01C0  .\...'...D.....Q.. .....8PG4N.U!*#......W.p....ce.AX]ZXs.....8)
C000:0200  s...\.....u..c%..C.....:}T....x..!T.v......*.x.Nd....r.KF....d..
C000:0240  s..!\.....#>.cWN.C......uTU....u....6..?..g..x..d.]..r..F..0.d.M
C000:0280  H!..P.....L..k+..\w...%x.6Y.1.......~(...R<h....6[.v....u./P..:.
C000:02C0  @..)P........kYJ.^!...W..t.C1.......~(.k.RnP....<[.T....e.]v..H.
C000:0300  ..L_:B...vyd..'.4....?..#....+2gZ%4.V.]v....=.....c... ....|.S.[
C000:0340  ...}:B.^.v*B..U.4....?b`#.~..+@.Z%..^./.....=../..7...R<.O.^.Sz.
C000:0380  ..TW6....^Ip..)X5.".......q<..$.z...~.Y".0@.9........#....S:....
C000:03C0  ...u6F.\.V.R..[.7.t....#..'>..V.z...^.+..0..9..y.....#xn........


Debug - Unknown

 
ACPI  BCFG: Unknown
ACPI  PRAM: Unknown
HDD  Samsung CGND3R
Monitor ID  AUO20D4: Generic PnP Monitor [NoDB]
PCI/AGP  8086-22D8 [SubSys: 1043-1BDD]: Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
PnP  BCM2E72: Broadcom Serial Bus Driver over UART Bus Enumerator [NoDB]
PnP  INT33A4: Intel(R) Power Engine Plug-in [NoDB]
PnP  SIS0457: I2C HID Device [NoDB]
SPD  No SPD module found! (BusCount = 0)
SSD  Samsung CGND3R




The names of actual companies and products mentioned herein may be the trademarks of their respective owners.