Report of <LAPTOP-5DNN8R19>

Navigation

AIDA64 Engineer


		Version	AIDA64 v5.30.3500
		Benchmark Module	4.1.643-x64
		Homepage	http://www.aida64.com/
		Report Type	Quick Report
		Computer	LAPTOP-5DNN8R19
		Generator	galff
		Operating System	Microsoft Windows 10 10.0.10240.16431 (Win10 RTM)
		Date	2015-08-27
		Time	17:52

Summary


Computer:
	Computer Type	ACPI x64-based PC
	Operating System	Microsoft Windows 10
	OS Service Pack	-
	Internet Explorer	11.0.10240.16431
	Edge	20.10240.16384.0
	DirectX	DirectX 12.0
	Computer Name	LAPTOP-5DNN8R19
	User Name	galff
	Logon Domain	LAPTOP-5DNN8R19
	Date / Time	2015-08-27 / 17:52

Motherboard:
	CPU Type	QuadCore Intel Atom x5-Z8500, 2233 MHz (28 x 80)
	Motherboard Name	ASUSTeK COMPUTER INC. T100HAN
	Motherboard Chipset	Intel Cherry Trail
	System Memory	1963 MB
	BIOS Type	AMI (07/14/2015)
	Communication Port	Communications Port (COM1)

Display:
	Video Adapter	Intel(R) HD Graphics (1 GB)
	Video Adapter	Intel(R) HD Graphics (1 GB)
	Video Adapter	Intel(R) HD Graphics (1 GB)
	Monitor	Generic PnP Monitor [NoDB] (12003)
	Monitor	Intel AVStream Camera

Storage:
	Storage Controller	Microsoft Storage Spaces Controller
	Storage Controller	SD Storage Class Controller
	Disk Drive	Samsung CGND3R (58 GB)
	SMART Hard Disks Status	Unknown

Partitions:
	C: (NTFS)	58862 MB (36827 MB free)
	Total Size	57.5 GB (36.0 GB free)

Input:
	Keyboard	HID Keyboard Device
	Keyboard	HID Keyboard Device
	Keyboard	HID Keyboard Device
	Mouse	ASUS Touchpad
	Mouse	HID-compliant mouse

Network:
	Primary IP Address	192.168.1.112
	Primary MAC Address	04-E6-76-43-62-CE
	Network Adapter	Bluetooth Device (Personal Area Network)
	Network Adapter	Broadcom 802.11abgn Wireless SDIO Adapter (192.168.1.112)
	Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter

Peripherals:
	Printer	Fax
	Printer	Microsoft Print to PDF
	Printer	Microsoft XPS Document Writer
	USB3 Controller	Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
	USB Device	Generic USB Hub
	USB Device	USB Composite Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	Battery	Microsoft AC Adapter
	Battery	Microsoft ACPI-Compliant Control Method Battery

DMI:
	DMI BIOS Vendor	American Megatrends Inc.
	DMI BIOS Version	T100HAN.204
	DMI System Manufacturer	ASUSTeK COMPUTER INC.
	DMI System Product	T100HAN
	DMI System Version	1.0
	DMI System Serial Number	F6NTCY00091925A
	DMI System UUID	F0078270-EE26E581-269F04E6-764362CE
	DMI Motherboard Manufacturer	ASUSTeK COMPUTER INC.
	DMI Motherboard Product	T100HAN
	DMI Motherboard Version	1.0
	DMI Motherboard Serial Number	BSN12345678901234567
	DMI Chassis Manufacturer	ASUSTeK COMPUTER INC.
	DMI Chassis Version	1.0
	DMI Chassis Serial Number	F6NTCY00091925A
	DMI Chassis Asset Tag	ATN12345678901234567
	DMI Chassis Type	Notebook

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	LAPTOP-5DNN8R19
DNS Host Name	Logical	LAPTOP-5DNN8R19
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	LAPTOP-5DNN8R19
NetBIOS Name	Physical	LAPTOP-5DNN8R19
DNS Host Name	Physical	LAPTOP-5DNN8R19
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	LAPTOP-5DNN8R19

DMI


[ BIOS ]

	BIOS Properties:
		Vendor	American Megatrends Inc.
		Version	T100HAN.204
		Release Date	07/14/2015
		Size	6 MB
		System BIOS Version	5.6
		Boot Devices	Floppy Disk, Hard Disk, CD-ROM
		Capabilities	Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS, Smart Battery
		Supported Standards	DMI, ACPI, UEFI
		Expansion Capabilities	PCI, USB
		Virtual Machine	No

	BIOS Manufacturer:
		Company Name	American Megatrends Inc.
		Product Information	http://www.ami.com/amibios
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ System ]

	System Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	T100HAN
		Version	1.0
		Serial Number	F6NTCY00091925A
		SKU#	ASUS-TabletSKU
		Family	T
		Universal Unique ID	F0078270-EE26E581-269F04E6-764362CE
		Wake-Up Type	Power Switch

[ Motherboard ]

	Motherboard Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	T100HAN
		Version	1.0
		Serial Number	BSN12345678901234567
		Asset Tag	ATN12345678901234567

	Motherboard Manufacturer:
		Company Name	ASUSTeK Computer Inc.
		Product Information	http://www.asus.com/Motherboards
		BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
		Driver Update	http://www.aida64.com/driver-updates
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ Chassis ]

	Chassis Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Version	1.0
		Serial Number	F6NTCY00091925A
		Asset Tag	ATN12345678901234567
		Chassis Type	Notebook
		Boot-Up State	Safe
		Power Supply State	Safe
		Thermal State	Safe
		Security Status	None

[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	Processor Properties:
		Manufacturer	Intel
		Version	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Asset Tag	Fill By OEM
		Part Number	Fill By OEM
		External Clock	80 MHz
		Maximum Clock	2400 MHz
		Current Clock	1440 MHz
		Type	Central Processor
		Voltage	1.2 V
		Status	Enabled
		Upgrade	Socket LGA1155
		Socket Designation	SOCKET 0
		HTT / CMP Units	1 / 4
		Capabilities	64-bit

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
		Driver Update	http://www.aida64.com/driver-updates

[ Caches / CPU Internal L1 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Back
		Maximum Size	224 KB
		Installed Size	224 KB
		Error Correction	Single-bit ECC
		Socket Designation	CPU Internal L1

[ Caches / CPU Internal L2 ]

	Cache Properties:
		Type	Unified
		Status	Enabled
		Operational Mode	Write-Back
		Associativity	16-way Set-Associative
		Maximum Size	2048 KB
		Installed Size	2048 KB
		Error Correction	Single-bit ECC
		Socket Designation	CPU Internal L2

[ Memory Arrays / System Memory ]

	Memory Array Properties:
		Location	Motherboard
		Memory Array Function	System Memory
		Error Correction	Multi-bit ECC
		Max. Memory Capacity	8 GB
		Memory Devices	2

[ Memory Devices / A1_DIMM0 ]

	Memory Device Properties:
		Form Factor	DIMM
		Type	DDR3
		Size	1 GB
		Max. Clock Speed	1600 MHz
		Current Clock Speed	1600 MHz
		Total Width	8-bit
		Data Width	64-bit
		Min. Voltage	1.500 V
		Max. Voltage	1.500 V
		Current Voltage	1.500 V
		Device Locator	A1_DIMM0
		Bank Locator	A1_BANK0
		Manufacturer	A1_Manufacturer0
		Serial Number	A1_SerNum0
		Asset Tag	A1_AssetTagNum0
		Part Number	Array1_PartNumber0

[ Memory Devices / A1_DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Type	DDR3
		Size	1 GB
		Max. Clock Speed	1600 MHz
		Current Clock Speed	1600 MHz
		Total Width	8-bit
		Data Width	64-bit
		Min. Voltage	1.500 V
		Max. Voltage	1.500 V
		Current Voltage	1.500 V
		Device Locator	A1_DIMM1
		Bank Locator	A1_BANK1
		Manufacturer	A1_Manufacturer1
		Serial Number	A1_SerNum1
		Asset Tag	A1_AssetTagNum1
		Part Number	Array1_PartNumber1

[ On-Board Devices / VGA ]

	On-Board Device Properties:
		Description	VGA
		Type	Video
		Status	Enabled

[ On-Board Devices / GLAN ]

	On-Board Device Properties:
		Description	GLAN
		Type	Ethernet
		Status	Enabled

[ On-Board Devices / WLAN ]

	On-Board Device Properties:
		Description	WLAN
		Type	Ethernet
		Status	Enabled

[ Miscellaneous ]

	Miscellaneous:
		OEM String	90NB074A-T00020

Overclock


CPU Properties:
	CPU Type	QuadCore Intel Atom x5-Z8500
	CPU Alias	Cherry Trail
	CPU Stepping	C0
	Engineering Sample	No
	CPUID CPU Name	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	CPUID Revision	000406C3h
	CPU VID	0.6000 V

CPU Speed:
	CPU Clock	2238.2 MHz (original: 1440 MHz, overclock: 55%)
	CPU Multiplier	28x
	CPU FSB	79.9 MHz (original: 80 MHz)
	Memory Bus	799.3 MHz
	DRAM:FSB Ratio	30:3

CPU Cache:
	L1 Code Cache	32 KB per core
	L1 Data Cache	24 KB per core
	L2 Cache	2x 1 MB (On-Die, ECC, Full-Speed)

Motherboard Properties:
	Motherboard ID	<DMI>
	Motherboard Name	ASUSTeK COMPUTER INC. T100HAN

Chipset Properties:
	Motherboard Chipset	Intel Cherry Trail
	Memory Timings	12-15-20-34 (CL-RCD-RP-RAS)
	Command Rate (CR)	1T

BIOS Properties:
	System BIOS Date	07/14/2015
	Video BIOS Date	Unknown
	DMI BIOS Version	T100HAN.204

Graphics Processor Properties:
	Video Adapter	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
	GPU Code Name	Cherry Trail (Integrated 8086 / 22B0, Rev 20)
	GPU Clock	600 MHz

Power Management


Power Management Properties:
	Current Power Source	AC Line
	Battery Status	31 % (Low Level, Charging)
	Full Battery Lifetime	Unknown
	Remaining Battery Lifetime	Unknown

Battery Properties:
	Device Name	SR Real Battery
	Manufacturer	Intel SR 1
	Serial Number	123456789
	Unique ID	123456789Intel SR 1SR Real Battery
	Battery Type	Rechargeable Li-Ion
	Designed Capacity	30000 mWh
	Fully Charged Capacity	30199 mWh
	Current Capacity	9428 mWh (31 %)
	Battery Voltage	3.925 V
	Charge-Discharge Cycle Count	6
	Wear Level	0 %
	Power State	AC Line, Charging
	Charge Rate	6611 mW

Portable Computer


Centrino (Carmel) Platform Compliancy:
	CPU: Intel Pentium M (Banias/Dothan)	No (Intel Atom x5-Z8500)
	Chipset: Intel i855GM/PM	No (Intel Cherry Trail)
	WLAN: Intel PRO/Wireless	No
	System: Centrino Compliant	No

Centrino (Sonoma) Platform Compliancy:
	CPU: Intel Pentium M (Dothan)	No (Intel Atom x5-Z8500)
	Chipset: Intel i915GM/PM	No (Intel Cherry Trail)
	WLAN: Intel PRO/Wireless 2200/2915	No
	System: Centrino Compliant	No

Centrino (Napa) Platform Compliancy:
	CPU: Intel Core (Yonah) / Core 2 (Merom)	No (Intel Atom x5-Z8500)
	Chipset: Intel i945GM/PM	No (Intel Cherry Trail)
	WLAN: Intel PRO/Wireless 3945/3965	No
	System: Centrino Compliant	No

Centrino (Santa Rosa) Platform Compliancy:
	CPU: Intel Core 2 (Merom/Penryn)	No (Intel Atom x5-Z8500)
	Chipset: Intel GM965/PM965	No (Intel Cherry Trail)
	WLAN: Intel Wireless WiFi Link 4965	No
	System: Centrino Compliant	No

Centrino 2 (Montevina) Platform Compliancy:
	CPU: Intel Core 2 (Penryn)	No (Intel Atom x5-Z8500)
	Chipset: Mobile Intel 4 Series	No (Intel Cherry Trail)
	WLAN: Intel WiFi Link 5000 Series	No
	System: Centrino 2 Compliant	No

Centrino (Calpella) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)	No (Intel Atom x5-Z8500)
	Chipset: Mobile Intel 5 Series	No (Intel Cherry Trail)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Huron River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)	No (Intel Atom x5-Z8500)
	Chipset: Mobile Intel 6 Series	No (Intel Cherry Trail)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Chief River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)	No (Intel Atom x5-Z8500)
	Chipset: Mobile Intel 7 Series	No (Intel Cherry Trail)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Shark Bay-MB) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Haswell-MB)	No (Intel Atom x5-Z8500)
	Chipset: Mobile Intel 8/9 Series	No (Intel Cherry Trail)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Sensor


Sensor Properties:
	Sensor Type	Intel DPTF (ACPI)

Temperatures:
	Motherboard	46 �C (115 �F)
	CPU	46 �C (114 �F)
	CPU GT Cores	53 �C (127 �F)
	CPU #1 / Core #1	56 �C (133 �F)
	CPU #1 / Core #2	52 �C (126 �F)
	CPU #1 / Core #3	55 �C (131 �F)
	CPU #1 / Core #4	50 �C (122 �F)
	Temperature #1	46 �C (115 �F)
	Temperature #2	62 �C (144 �F)
	Temperature #3	46 �C (114 �F)
	Temperature #4	54 �C (129 �F)

Voltage Values:
	CPU Core	0.450 V
	Battery	3.925 V

Power Values:
	CPU Package	1.32 W
	CPU IA Cores	0.39 W
	CPU GT Cores	0.93 W
	Battery Charge Rate	6.61 W

CPU


CPU Properties:
	CPU Type	QuadCore Intel Atom x5-Z8500, 2233 MHz (28 x 80)
	CPU Alias	Cherry Trail
	CPU Stepping	C0
	Instruction Set	x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES
	Original Clock	1440 MHz
	Engineering Sample	No
	L1 Code Cache	32 KB per core
	L1 Data Cache	24 KB per core
	L2 Cache	2x 1 MB (On-Die, ECC, Full-Speed)

CPU Physical Info:
	Package Type	1380 Ball FCBGA
	Package Size	17 mm x 17 mm
	Process Technology	14 nm, CMOS, Cu, High-K + Metal Gate
	Die Size	71 mm2

CPU Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
	Driver Update	http://www.aida64.com/driver-updates

Multi CPU:
	CPU #1	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
	CPU #2	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
	CPU #3	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz
	CPU #4	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440 MHz

CPU Utilization:
	CPU #1 / Core #1	0%
	CPU #1 / Core #2	0%
	CPU #1 / Core #3	0%
	CPU #1 / Core #4	0%

CPUID


CPUID Properties:
	CPUID Manufacturer	GenuineIntel
	CPUID CPU Name	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	CPUID Revision	000406C3h
	IA Brand ID	00h (Unknown)
	Platform ID	37h / MC 01h (FCBGA1380)
	Microcode Update Revision	34Dh
	HTT / CMP Units	0 / 4
	Tjmax Temperature	90 �C (194 �F)
	CPU Power Limit 1 (Long Duration)	4.9 W / 1.00 sec (Unlocked)
	CPU Power Limit 2 (Short Duration)	7.8 W / 10.00 sec (Unlocked)
	Max Turbo Boost Multipliers	1C: 28x, 2C: 28x, 3C: 28x, 4C: 28x

Instruction Set:
	64-bit x86 Extension (AMD64, Intel64)	Supported
	AMD 3DNow!	Not Supported
	AMD 3DNow! Professional	Not Supported
	AMD 3DNowPrefetch	Supported
	AMD Enhanced 3DNow!	Not Supported
	AMD Extended MMX	Not Supported
	AMD FMA4	Not Supported
	AMD MisAligned SSE	Not Supported
	AMD SSE4A	Not Supported
	AMD XOP	Not Supported
	Cyrix Extended MMX	Not Supported
	Enhanced REP MOVSB/STOSB	Supported
	Float-16 Conversion Instructions	Not Supported
	IA-64	Not Supported
	IA AES Extensions	Supported
	IA AVX	Not Supported
	IA AVX2	Not Supported
	IA AVX-512 (AVX512F)	Not Supported
	IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)	Not Supported
	IA AVX-512 Byte and Word Instructions (AVX512BW)	Not Supported
	IA AVX-512 Conflict Detection Instructions (AVX512CD)	Not Supported
	IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)	Not Supported
	IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)	Not Supported
	IA AVX-512 Prefetch Instructions (AVX512PF)	Not Supported
	IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)	Not Supported
	IA AVX-512 Vector Length Extensions (AVX512VL)	Not Supported
	IA BMI1	Not Supported
	IA BMI2	Not Supported
	IA FMA	Not Supported
	IA MMX	Supported
	IA SHA Extensions	Not Supported
	IA SSE	Supported
	IA SSE2	Supported
	IA SSE3	Supported
	IA Supplemental SSE3	Supported
	IA SSE4.1	Supported
	IA SSE4.2	Supported
	VIA Alternate Instruction Set	Not Supported
	ADCX / ADOX Instruction	Not Supported
	CLFLUSH Instruction	Supported
	CLFLUSHOPT Instruction	Not Supported
	CLWB Instruction	Not Supported
	CMPXCHG8B Instruction	Supported
	CMPXCHG16B Instruction	Supported
	Conditional Move Instruction	Supported
	INVPCID Instruction	Not Supported
	LAHF / SAHF Instruction	Supported
	LZCNT Instruction	Not Supported
	MONITOR / MWAIT Instruction	Supported
	MONITORX / MWAITX Instruction	Not Supported
	MOVBE Instruction	Supported
	PCLMULQDQ Instruction	Supported
	PCOMMIT Instruction	Not Supported
	POPCNT Instruction	Supported
	PREFETCHWT1 Instruction	Not Supported
	RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction	Not Supported
	RDRAND Instruction	Supported
	RDSEED Instruction	Not Supported
	RDTSCP Instruction	Supported
	SKINIT / STGI Instruction	Not Supported
	SYSCALL / SYSRET Instruction	Not Supported
	SYSENTER / SYSEXIT Instruction	Supported
	Trailing Bit Manipulation Instructions	Not Supported
	VIA FEMMS Instruction	Not Supported

Security Features:
	Advanced Cryptography Engine (ACE)	Not Supported
	Advanced Cryptography Engine 2 (ACE2)	Not Supported
	Data Execution Prevention (DEP, NX, EDB)	Supported
	Hardware Random Number Generator (RNG)	Not Supported
	Hardware Random Number Generator 2 (RNG2)	Not Supported
	Memory Protection Extensions (MPX)	Not Supported
	PadLock Hash Engine (PHE)	Not Supported
	PadLock Hash Engine 2 (PHE2)	Not Supported
	PadLock Montgomery Multiplier (PMM)	Not Supported
	PadLock Montgomery Multiplier 2 (PMM2)	Not Supported
	Processor Serial Number (PSN)	Not Supported
	Safer Mode Extensions (SMX)	Not Supported
	Software Guard Extensions (SGX)	Not Supported
	Supervisor Mode Access Prevention (SMAP)	Not Supported
	Supervisor Mode Execution Protection (SMEP)	Supported

Power Management Features:
	Application Power Management (APM)	Not Supported
	Automatic Clock Control	Supported
	Core C6 State (CC6)	Not Supported
	Digital Thermometer	Supported
	Dynamic FSB Frequency Switching	Not Supported
	Enhanced Halt State (C1E)	Supported, Disabled
	Enhanced SpeedStep Technology (EIST, ESS)	Supported, Enabled
	Frequency ID Control	Not Supported
	Hardware P-State Control	Not Supported
	Hardware Thermal Control (HTC)	Not Supported
	LongRun	Not Supported
	LongRun Table Interface	Not Supported
	Overstress	Not Supported
	Package C6 State (PC6)	Not Supported
	Parallax	Not Supported
	PowerSaver 1.0	Not Supported
	PowerSaver 2.0	Not Supported
	PowerSaver 3.0	Not Supported
	Processor Duty Cycle Control	Supported
	Software Thermal Control	Not Supported
	Temperature Sensing Diode	Not Supported
	Thermal Monitor 1	Supported
	Thermal Monitor 2	Supported
	Thermal Monitor 3	Not Supported
	Thermal Monitoring	Not Supported
	Thermal Trip	Not Supported
	Voltage ID Control	Not Supported

Virtualization Features:
	Extended Page Table (EPT)	Supported
	Hypervisor	Not Present
	INVEPT Instruction	Supported
	INVVPID Instruction	Supported
	Nested Paging (NPT, RVI)	Not Supported
	Secure Virtual Machine (SVM, Pacifica)	Not Supported
	Virtual Machine Extensions (VMX, Vanderpool)	Supported
	Virtual Processor ID (VPID)	Supported

CPUID Features:
	1 GB Page Size	Not Supported
	36-bit Page Size Extension	Supported
	64-bit DS Area	Supported
	Adaptive Overclocking	Not Supported
	Address Region Registers (ARR)	Not Supported
	Configurable TDP (cTDP)	Not Supported
	Core Performance Boost (CPB)	Not Supported
	Core Performance Counters	Not Supported
	CPL Qualified Debug Store	Supported
	Data Breakpoint Extension	Not Supported
	Debug Trace Store	Supported
	Debugging Extension	Supported
	Deprecated FPU CS and FPU DS	Supported
	Direct Cache Access	Not Supported
	Dynamic Acceleration Technology (IDA)	Not Supported
	Dynamic Configurable TDP (DcTDP)	Not Supported
	Extended APIC Register Space	Not Supported
	Fast Save & Restore	Supported
	Hardware Lock Elision (HLE)	Not Supported
	Hybrid Boost	Not Supported
	Hyper-Threading Technology (HTT)	Not Supported
	Instruction Based Sampling	Not Supported
	Invariant Time Stamp Counter	Supported
	L1 Context ID	Not Supported
	L2I Performance Counters	Not Supported
	Lightweight Profiling	Not Supported
	Local APIC On Chip	Supported
	Machine Check Architecture (MCA)	Supported
	Machine Check Exception (MCE)	Supported
	Memory Configuration Registers (MCR)	Not Supported
	Memory Type Range Registers (MTRR)	Supported
	Model Specific Registers (MSR)	Supported
	NB Performance Counters	Not Supported
	Page Attribute Table (PAT)	Supported
	Page Global Extension	Supported
	Page Size Extension (PSE)	Supported
	Pending Break Event (PBE)	Supported
	Performance Time Stamp Counter (PTSC)	Not Supported
	Physical Address Extension (PAE)	Supported
	Platform Quality of Service Enforcement (PQE)	Not Supported
	Platform Quality of Service Monitoring (PQM)	Not Supported
	Process Context Identifiers (PCID)	Not Supported
	Processor Feedback Interface	Not Supported
	Processor Trace (PT)	Not Supported
	Restricted Transactional Memory (RTM)	Not Supported
	Self-Snoop	Supported
	Time Stamp Counter (TSC)	Supported
	Turbo Boost	Supported, Enabled
	Virtual Mode Extension	Supported
	Watchdog Timer	Not Supported
	x2APIC	Not Supported
	XGETBV / XSETBV OS Enabled	Not Supported
	XSAVE / XRSTOR / XSETBV / XGETBV Extended States	Not Supported
	XSAVEOPT	Not Supported

CPUID Registers (CPU #1):
	CPUID 00000000	0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000406C3-00100800-43D8E3BF-BFEBFBFF
	CPUID 00000002	61B4A001-0000FFC2-00000000-00000000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C000121-0140003F-0000003F-00000001 [SL 00]
	CPUID 00000004	1C000122-01C0003F-0000003F-00000001 [SL 01]
	CPUID 00000004	1C00C143-03C0003F-000003FF-00000001 [SL 02]
	CPUID 00000005	00000040-00000040-00000003-33000020
	CPUID 00000006	00000007-00000002-00000009-00000000
	CPUID 00000007	00000000-00002282-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07280203-00000000-00000000-00000503
	CPUID 0000000B	00000001-00000001-00000100-00000000 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000000 [SL 01]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000101-28100000
	CPUID 80000002	20202020-6E492020-286C6574-41202952 [ Intel(R) A]
	CPUID 80000003	286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
	CPUID 80000004	50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-04008040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #2):
	CPUID 00000000	0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000406C3-02100800-43D8E3BF-BFEBFBFF
	CPUID 00000002	61B4A001-0000FFC2-00000000-00000000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C000121-0140003F-0000003F-00000001 [SL 00]
	CPUID 00000004	1C000122-01C0003F-0000003F-00000001 [SL 01]
	CPUID 00000004	1C00C143-03C0003F-000003FF-00000001 [SL 02]
	CPUID 00000005	00000040-00000040-00000003-33000020
	CPUID 00000006	00000007-00000002-00000009-00000000
	CPUID 00000007	00000000-00002282-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07280203-00000000-00000000-00000503
	CPUID 0000000B	00000001-00000001-00000100-00000002 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000002 [SL 01]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000101-28100000
	CPUID 80000002	20202020-6E492020-286C6574-41202952 [ Intel(R) A]
	CPUID 80000003	286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
	CPUID 80000004	50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-04008040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #3):
	CPUID 00000000	0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000406C3-04100800-43D8E3BF-BFEBFBFF
	CPUID 00000002	61B4A001-0000FFC2-00000000-00000000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C000121-0140003F-0000003F-00000001 [SL 00]
	CPUID 00000004	1C000122-01C0003F-0000003F-00000001 [SL 01]
	CPUID 00000004	1C00C143-03C0003F-000003FF-00000001 [SL 02]
	CPUID 00000005	00000040-00000040-00000003-33000020
	CPUID 00000006	00000007-00000002-00000009-00000000
	CPUID 00000007	00000000-00002282-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07280203-00000000-00000000-00000503
	CPUID 0000000B	00000001-00000001-00000100-00000004 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000004 [SL 01]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000101-28100000
	CPUID 80000002	20202020-6E492020-286C6574-41202952 [ Intel(R) A]
	CPUID 80000003	286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
	CPUID 80000004	50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-04008040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #4):
	CPUID 00000000	0000000B-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000406C3-06100800-43D8E3BF-BFEBFBFF
	CPUID 00000002	61B4A001-0000FFC2-00000000-00000000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C000121-0140003F-0000003F-00000001 [SL 00]
	CPUID 00000004	1C000122-01C0003F-0000003F-00000001 [SL 01]
	CPUID 00000004	1C00C143-03C0003F-000003FF-00000001 [SL 02]
	CPUID 00000005	00000040-00000040-00000003-33000020
	CPUID 00000006	00000007-00000002-00000009-00000000
	CPUID 00000007	00000000-00002282-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07280203-00000000-00000000-00000503
	CPUID 0000000B	00000001-00000001-00000100-00000006 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000006 [SL 01]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000101-28100000
	CPUID 80000002	20202020-6E492020-286C6574-41202952 [ Intel(R) A]
	CPUID 80000003	286D6F74-20294D54-5A2D3578-30303538 [tom(TM) x5-Z8500]
	CPUID 80000004	50432020-20402055-34342E31-007A4847 [ CPU @ 1.44GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-04008040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

MSR Registers:
	MSR 00000017	0000-00F0-9004-1C5A [PlatID = 0]
	MSR 0000001B	0000-0000-FEE0-0900
	MSR 0000002A	0000-0000-4008-0000
	MSR 00000035	< FAILED >
	MSR 0000008B	0000-034D-0000-0000
	MSR 000000CD	0000-0000-0000-0004
	MSR 000000CE	0000-0600-0600-1200 [eD = 0]
	MSR 000000E7	0000-021A-C0ED-A2B6 [S200]
	MSR 000000E7	0000-021A-C301-E830 [S200]
	MSR 000000E7	0000-021A-C80A-523A
	MSR 000000E8	0000-018E-75DF-14FE [S200]
	MSR 000000E8	0000-018E-7709-86B1 [S200]
	MSR 000000E8	0000-018E-7790-E84F
	MSR 000000EE	0000-0000-0238-0002
	MSR 0000011E	0000-0000-7E28-010F
	MSR 00000194	0000-0000-0000-0000
	MSR 00000198	0000-7C00-0000-062D
	MSR 00000198	0000-7C00-0000-062D [S200]
	MSR 00000198	0000-7C00-0000-062D [S200]
	MSR 00000199	0000-0000-0000-062D
	MSR 0000019A	0000-0000-0000-0000
	MSR 0000019B	0000-0000-0000-0000
	MSR 0000019C	0000-0000-8827-000A [S200]
	MSR 0000019C	0000-0000-882A-000A
	MSR 0000019C	0000-0000-882A-000A [S200]
	MSR 0000019D	0000-0000-0000-062D
	MSR 000001A0	0000-0000-0085-0089
	MSR 000001A2	0000-0000-035A-0000
	MSR 000001A4	< FAILED >
	MSR 000001AA	< FAILED >
	MSR 000001AC	< FAILED >
	MSR 000001AD	0000-0000-0000-0000
	MSR 000001B0	0000-0000-0000-0006
	MSR 000001B1	< FAILED >
	MSR 000001B2	< FAILED >
	MSR 000001FC	0000-0000-0000-0000
	MSR 00000300	< FAILED >
	MSR 00000480	00DA-0400-0000-0002
	MSR 00000481	0000-007F-0000-0016
	MSR 00000482	FFF9-FFFE-0401-E172
	MSR 00000483	007F-FFFF-0003-6DFF
	MSR 00000484	0000-FFFF-0000-11FF
	MSR 00000485	0000-0000-0004-81E6
	MSR 00000486	0000-0000-8000-0021
	MSR 00000487	0000-0000-FFFF-FFFF
	MSR 00000488	0000-0000-0000-2000
	MSR 00000489	0000-0000-0010-27FF
	MSR 0000048A	0000-0000-0000-002E
	MSR 0000048B	0000-28EF-0000-0000
	MSR 0000048C	0000-0F01-0611-4141
	MSR 0000048D	0000-007F-0000-0016
	MSR 0000048E	FFF9-FFFE-0400-6172
	MSR 0000048F	007F-FFFF-0003-6DFB
	MSR 00000490	0000-FFFF-0000-11FB
	MSR 00000601	0000-0000-0000-0000
	MSR 00000602	< FAILED >
	MSR 00000603	< FAILED >
	MSR 00000604	< FAILED >
	MSR 00000606	0000-0000-0000-0505
	MSR 0000060A	< FAILED >
	MSR 0000060B	< FAILED >
	MSR 0000060C	< FAILED >
	MSR 0000060D	0000-0000-0000-0000
	MSR 00000610	0014-80FA-0002-809C
	MSR 00000611	0000-0000-0A90-5D01 [S200]
	MSR 00000611	0000-0000-0A90-6FFE [S200]
	MSR 00000611	0000-0000-0A90-82E9
	MSR 00000613	< FAILED >
	MSR 00000614	< FAILED >
	MSR 00000618	< FAILED >
	MSR 00000619	< FAILED >
	MSR 0000061B	< FAILED >
	MSR 0000061C	< FAILED >
	MSR 00000638	0000-0000-0000-0000
	MSR 00000639	0000-0000-031F-F74E [S200]
	MSR 00000639	0000-0000-031F-F844 [S200]
	MSR 00000639	0000-0000-031F-FB5A
	MSR 0000063A	< FAILED >
	MSR 0000063B	< FAILED >
	MSR 00000640	< FAILED >
	MSR 00000641	< FAILED >
	MSR 00000642	< FAILED >
	MSR 00000660	0000-0147-6599-5A36
	MSR 00000661	0000-0000-0000-0000
	MSR 00000662	0000-0000-0000-0000
	MSR 00000663	0000-0000-0000-0000
	MSR 00000664	0000-01B6-8DEA-B268
	MSR 00000665	0000-0000-0000-0000
	MSR 00000666	0000-0000-0000-0000
	MSR 00000667	0000-0000-0000-001F
	MSR 00000668	0000-0000-1313-0F0B
	MSR 00000669	0000-0000-0304-000C
	MSR 0000066A	0000-0000-0012-0602
	MSR 0000066B	0000-0000-003E-2D2D
	MSR 0000066C	0000-0000-1C1C-1C1C
	MSR 0000066D	0000-0000-5A5A-5A5A
	MSR 0000066E	0000-0000-0000-0000
	MSR 0000066F	0000-0000-0000-0000
	MSR 00000670	0000-0000-0000-0002
	MSR 00000671	0000-0000-0000-200B
	MSR 00000672	0000-0000-0000-0000
	MSR 00000673	0000-0000-0000-0305
	MSR 00000674	0000-0000-0405-500D
	MSR 00000675	0000-0000-0000-0027
	MSR 00000676	0000-0000-0000-0000
	MSR 00000677	0000-0000-0000-0000

Motherboard


Motherboard Properties:
	Motherboard ID	<DMI>
	Motherboard Name	ASUSTeK COMPUTER INC. T100HAN

Front Side Bus Properties:
	Bus Type	BCLK
	Real Clock	80 MHz
	Effective Clock	80 MHz

Memory Bus Properties:
	Bus Type	Dual DDR3 SDRAM
	Bus Width	128-bit
	DRAM:FSB Ratio	30:3
	Real Clock	798 MHz (DDR)
	Effective Clock	1595 MHz
	Bandwidth	25520 MB/s

Motherboard Manufacturer:
	Company Name	ASUSTeK Computer Inc.
	Product Information	http://www.asus.com/Motherboards
	BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
	Driver Update	http://www.aida64.com/driver-updates
	BIOS Upgrades	http://www.aida64.com/bios-updates

Memory


Physical Memory:
	Total	1964 MB
	Used	962 MB
	Free	1001 MB
	Utilization	49 %

Swap Space:
	Total	3116 MB
	Used	1476 MB
	Free	1640 MB
	Utilization	47 %

Virtual Memory:
	Total	5080 MB
	Used	2438 MB
	Free	2642 MB
	Utilization	48 %

Paging File:
	Paging File	C:\pagefile.sys
	Current Size	1152 MB
	Current / Peak Usage	37 MB / 83 MB
	Utilization	3 %

Physical Address Extension (PAE):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active	Yes

Chipset


[ North Bridge: Intel Cherry Trail IMC ]

	North Bridge Properties:
		North Bridge	Intel Cherry Trail IMC
		Intel Platform	Cherry Trail
		Supported Memory Types	DDR3-1600 SDRAM
		Maximum Memory Amount	8 GB
		Revision	20
		Process Technology	14 nm
		Debug Info	Reg00 = 008580A1h
		Debug Info	Reg01/11 = 0390EA78h / 03006530h
		Debug Info	Reg02/12 = 728F0903h / 29290301h
		Debug Info	Reg03/13 = 30B58106h / 20938104h
		Debug Info	Reg04/14 = 0630E505h / 06106305h
		Debug Info	Reg05/15 = 34060400h / 23060400h
		Debug Info	Reg08 = 00014D99h
		Debug Info	Reg70 = 0000000Ah
		Debug Info	RegP4-06 = 328F0010h / RegP4-B0 = 00000003h / RegP4-B1 = 00A0A6A5h / RegP4-D1 = 00000000h / RegP4-D3

	Memory Controller:
		Type	Dual Channel (128-bit)
		Active Mode	Dual Channel (128-bit)

	Memory Timings:
		CAS Latency (CL)	12T
		RAS To CAS Delay (tRCD)	15T
		RAS Precharge (tRP)	20T
		RAS Active Time (tRAS)	34T
		Command Rate (CR)	1T
		CAS To CAS Delay (tCCD)	4T
		RAS To RAS Delay (tRRD)	8T
		Write Recovery Time (tWR)	14T
		Read To Read Delay (tRTR)	Different Rank: 8T
		Read To Write Delay (tRTW)	Same Rank: 16T, Different Rank: 16T
		Write To Read Delay (tWTR)	8T, Same Rank: 18T, Different Rank: 8T
		Write To Write Delay (tWTW)	Different Rank: 5T
		Read To Precharge Delay (tRTP)	7T
		Write To Precharge Delay (tWTP)	24T
		Four Activate Window Delay (tFAW)	40T
		Write CAS Latency (tWCL)	6T
		Refresh Period (tREF)	Disabled
		Burst Length (BL)	8

	Error Correction:
		ECC	Not Supported
		ChipKill ECC	Not Supported
		RAID	Not Supported
		ECC Scrubbing	Not Supported

	Integrated Graphics Controller:
		Graphics Controller Type	Intel HD Graphics
		Graphics Controller Status	Enabled

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

BIOS


BIOS Properties:
	BIOS Type	AMI
	BIOS Version	T100HAN.204
	System BIOS Date	07/14/2015
	Video BIOS Date	Unknown

BIOS Manufacturer:
	Company Name	American Megatrends Inc.
	Product Information	http://www.ami.com/amibios
	BIOS Upgrades	http://www.aida64.com/bios-updates

ACPI


[ APIC: Multiple APIC Description Table ]

	ACPI Table Properties:
		ACPI Signature	APIC
		Table Description	Multiple APIC Description Table
		Memory Address	7A733D90h
		Table Length	132 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		Local APIC Address	FEE00000h

	Processor Local APIC:
		ACPI Processor ID	01h
		APIC ID	00h
		Status	Enabled

	Local APIC NMI:
		ACPI Processor ID	01h
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

	Processor Local APIC:
		ACPI Processor ID	02h
		APIC ID	02h
		Status	Enabled

	Local APIC NMI:
		ACPI Processor ID	02h
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

	Processor Local APIC:
		ACPI Processor ID	03h
		APIC ID	04h
		Status	Enabled

	Local APIC NMI:
		ACPI Processor ID	03h
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

	Processor Local APIC:
		ACPI Processor ID	04h
		APIC ID	06h
		Status	Enabled

	Local APIC NMI:
		ACPI Processor ID	04h
		Local ACPI LINT#	01h
		Polarity	Active High
		Trigger Mode	Edge-Triggered

	I/O APIC:
		I/O APIC ID	01h
		I/O APIC Address	FEC00000h
		Global System Interrupt Base	00000000h

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ0
		Global System Interrupt	00000002h
		Polarity	Conforms to the specifications of the bus
		Trigger Mode	Conforms to the specifications of the bus

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ9
		Global System Interrupt	00000009h
		Polarity	Active High
		Trigger Mode	Level-Triggered

[ BCFG: Unknown ]

	ACPI Table Properties:
		ACPI Signature	BCFG
		Table Description	Unknown
		Memory Address	7A739890h
		Table Length	313 bytes
		OEM ID	INTEL
		OEM Table ID	BATTCONF
		OEM Revision	00000001h
		Creator ID	INTL
		Creator Revision	00000000h

[ BGRT: Boot Graphics Resource Table ]

	ACPI Table Properties:
		ACPI Signature	BGRT
		Table Description	Boot Graphics Resource Table
		Memory Address	7A739A00h
		Table Length	56 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h

[ CSRT: Core System Resource Table ]

	ACPI Table Properties:
		ACPI Signature	CSRT
		Table Description	Core System Resource Table
		Memory Address	7A739A38h
		Table Length	332 bytes
		OEM ID	INTEL
		OEM Table ID	LANFORDC
		OEM Revision	00000005h
		Creator ID	MSFT
		Creator Revision	0100000Dh

[ DSDT: Differentiated System Description Table ]

	ACPI Table Properties:
		ACPI Signature	DSDT
		Table Description	Differentiated System Description Table
		Memory Address	7A719230h
		Table Length	109135 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	INTL
		Creator Revision	20120913h

	nVIDIA SLI:
		SLI Certification	Not Present
		PCI 0-0-0-0 (Direct I/O)	8086-2280 (Intel)
		PCI 0-0-0-0 (HAL)	8086-2280 (Intel)

	Lucid Virtu:
		Virtu Certification	Not Present

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	7A7191A8h
		Table Length	132 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	7ADC8F40h
		DSDT Address	7A719230h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	00000000-7A733C80h
		Table Length	268 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	7ADC8F80h / 00000000-00000000h
		DSDT Address	7A719230h / 00000000-7A719230h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACS: Firmware ACPI Control Structure ]

	ACPI Table Properties:
		ACPI Signature	FACS
		Table Description	Firmware ACPI Control Structure
		Memory Address	7ADC8F40h
		Table Length	64 bytes
		Hardware Signature	C8B9708Fh
		Waking Vector	00000000h
		Global Lock	00000000h

[ FBPT: Firmware Basic Boot Performance Table ]

	ACPI Table Properties:
		ACPI Signature	FBPT
		Table Description	Firmware Basic Boot Performance Table
		Memory Address	00000000-7B735F50h
		Table Length	56 bytes

[ FIDT: Firmware ID Table ]

	ACPI Table Properties:
		ACPI Signature	FIDT
		Table Description	Firmware ID Table
		Memory Address	7A733E60h
		Table Length	156 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h

[ FPDT: Firmware Performance Data Table ]

	ACPI Table Properties:
		ACPI Signature	FPDT
		Table Description	Firmware Performance Data Table
		Memory Address	7A733E18h
		Table Length	68 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FBPT Address	00000000-7B735F50h
		S3PT Address	00000000-7B735F30h

[ HPET: IA-PC High Precision Event Timer Table ]

	ACPI Table Properties:
		ACPI Signature	HPET
		Table Description	IA-PC High Precision Event Timer Table
		Memory Address	7A738760h
		Table Length	56 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI.
		Creator Revision	00000005h
		HPET Address	00000000-FED00000h
		Vendor ID	8086h
		Revision ID	01h
		Number of Timers	3
		Counter Size	64-bit
		Minimum Clock Ticks	128
		Page Protection	No Guarantee
		OEM Attribute	0h
		LegacyReplacement IRQ Routing	Supported

[ LPIT: Low-Power Idle Table ]

	ACPI Table Properties:
		ACPI Signature	LPIT
		Table Description	Low-Power Idle Table
		Memory Address	7A739788h
		Table Length	260 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	00000005h
		Creator ID	MSFT
		Creator Revision	0100000Dh

[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]

	ACPI Table Properties:
		ACPI Signature	MCFG
		Table Description	Memory Mapped Configuration Space Base Address Description Table
		Memory Address	7A733F00h
		Table Length	60 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00000097h
		Config Space Address	00000000-E0000000h
		PCI Segment	0000h
		Start Bus Number	00h
		End Bus Number	FFh

[ MSDM: Microsoft Data Management Table ]

	ACPI Table Properties:
		ACPI Signature	MSDM
		Table Description	Microsoft Data Management Table
		Memory Address	7A529F18h
		Table Length	85 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	00000000h
		Creator ID	ASUS
		Creator Revision	00000001h
		SLS Version	1
		SLS Data Type	1
		SLS Data Length	29
		SLS Data	FWN3K-734X4-3P42K-HB7RM-G29HP

[ PRAM: Unknown ]

	ACPI Table Properties:
		ACPI Signature	PRAM
		Table Description	Unknown
		Memory Address	7A7399D0h
		Table Length	48 bytes
		OEM Revision	00000001h
		Creator Revision	00000000h

[ RSD PTR: Root System Description Pointer ]

	ACPI Table Properties:
		ACPI Signature	RSD PTR
		Table Description	Root System Description Pointer
		Memory Address	000F0000h
		Table Length	36 bytes
		OEM ID	_ASUS_
		RSDP Revision	2 (ACPI 2.0+)
		RSDT Address	7A719028h
		XSDT Address	00000000-7A7190B8h

[ RSDT: Root System Description Table ]

	ACPI Table Properties:
		ACPI Signature	RSDT
		Table Description	Root System Description Table
		Memory Address	7A719028h
		Table Length	136 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00010013h
		RSDT Entry #0	7A7191A8h (FACP)
		RSDT Entry #1	7A733D90h (APIC)
		RSDT Entry #2	7A733E18h (FPDT)
		RSDT Entry #3	7A733E60h (FIDT)
		RSDT Entry #4	7A733F00h (MCFG)
		RSDT Entry #5	7A733F40h (SSDT)
		RSDT Entry #6	7A738040h (SSDT)
		RSDT Entry #7	7A7386C0h (SSDT)
		RSDT Entry #8	7A738718h (UEFI)
		RSDT Entry #9	7A738760h (HPET)
		RSDT Entry #10	7A738798h (SSDT)
		RSDT Entry #11	7A738F00h (SSDT)
		RSDT Entry #12	7A739190h (SSDT)
		RSDT Entry #13	7A739310h (SSDT)
		RSDT Entry #14	7A739750h (TPM2)
		RSDT Entry #15	7A739788h (LPIT)
		RSDT Entry #16	7A739890h (BCFG)
		RSDT Entry #17	7A7399D0h (PRAM)
		RSDT Entry #18	7A739A00h (BGRT)
		RSDT Entry #19	7A739A38h (CSRT)
		RSDT Entry #20	7A739B88h (WDAT)
		RSDT Entry #21	7A739C90h (SSDT)
		RSDT Entry #22	7A73DD90h (SSDT)
		RSDT Entry #23	7A73E410h (SSDT)
		RSDT Entry #24	7A529F18h (MSDM)

[ S3PT: S3 Performance Table ]

	ACPI Table Properties:
		ACPI Signature	S3PT
		Table Description	S3 Performance Table
		Memory Address	00000000-7B735F30h
		Table Length	32 bytes

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A733F40h
		Table Length	16636 bytes
		OEM ID	DptfTb
		OEM Table ID	DptfTab
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A738040h
		Table Length	1661 bytes
		OEM ID	CpuDpf
		OEM Table ID	CpuDptf
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A7386C0h
		Table Length	88 bytes
		OEM ID	LowPM
		OEM Table ID	LowPwrM
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A738798h
		Table Length	1891 bytes
		OEM ID	PmRef
		OEM Table ID	CpuPm
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A738F00h
		Table Length	656 bytes
		OEM ID	PmRef
		OEM Table ID	Cpu0Tst
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A739190h
		Table Length	378 bytes
		OEM ID	PmRef
		OEM Table ID	ApTst
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A739310h
		Table Length	1082 bytes
		OEM ID	Intel_
		OEM Table ID	Tpm2Tabl
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A739C90h
		Table Length	16636 bytes
		OEM ID	DptfTb
		OEM Table ID	DptfTab
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A73DD90h
		Table Length	1661 bytes
		OEM ID	CpuDpf
		OEM Table ID	CpuDptf
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	7A73E410h
		Table Length	88 bytes
		OEM ID	LowPM
		OEM Table ID	LowPwrM
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20120913h

[ TPM2: TPM 2.0 Hardware Interface Table ]

	ACPI Table Properties:
		ACPI Signature	TPM2
		Table Description	TPM 2.0 Hardware Interface Table
		Memory Address	7A739750h
		Table Length	52 bytes
		OEM Revision	00000000h
		Creator Revision	00000000h

[ UEFI: UEFI ACPI Boot Optimization Table ]

	ACPI Table Properties:
		ACPI Signature	UEFI
		Table Description	UEFI ACPI Boot Optimization Table
		Memory Address	7A738718h
		Table Length	66 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	00000000h
		Creator Revision	00000000h

[ WDAT: Watchdog Action Table ]

	ACPI Table Properties:
		ACPI Signature	WDAT
		Table Description	Watchdog Action Table
		Memory Address	7A739B88h
		Table Length	260 bytes
		OEM Revision	00000000h
		Creator Revision	00000000h

[ XSDT: Extended System Description Table ]

	ACPI Table Properties:
		ACPI Signature	XSDT
		Table Description	Extended System Description Table
		Memory Address	00000000-7A7190B8h
		Table Length	236 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		XSDT Entry #0	00000000-7A733C80h (FACP)
		XSDT Entry #1	00000000-7A733D90h (APIC)
		XSDT Entry #2	00000000-7A733E18h (FPDT)
		XSDT Entry #3	00000000-7A733E60h (FIDT)
		XSDT Entry #4	00000000-7A733F00h (MCFG)
		XSDT Entry #5	00000000-7A733F40h (SSDT)
		XSDT Entry #6	00000000-7A738040h (SSDT)
		XSDT Entry #7	00000000-7A7386C0h (SSDT)
		XSDT Entry #8	00000000-7A738718h (UEFI)
		XSDT Entry #9	00000000-7A738760h (HPET)
		XSDT Entry #10	00000000-7A738798h (SSDT)
		XSDT Entry #11	00000000-7A738F00h (SSDT)
		XSDT Entry #12	00000000-7A739190h (SSDT)
		XSDT Entry #13	00000000-7A739310h (SSDT)
		XSDT Entry #14	00000000-7A739750h (TPM2)
		XSDT Entry #15	00000000-7A739788h (LPIT)
		XSDT Entry #16	00000000-7A739890h (BCFG)
		XSDT Entry #17	00000000-7A7399D0h (PRAM)
		XSDT Entry #18	00000000-7A739A00h (BGRT)
		XSDT Entry #19	00000000-7A739A38h (CSRT)
		XSDT Entry #20	00000000-7A739B88h (WDAT)
		XSDT Entry #21	00000000-7A739C90h (SSDT)
		XSDT Entry #22	00000000-7A73DD90h (SSDT)
		XSDT Entry #23	00000000-7A73E410h (SSDT)
		XSDT Entry #24	00000000-7A529F18h (MSDM)

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 10
	OS Language	English (United States)
	OS Installer Language	English (United States)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	10.0.10240.16431 (Win10 RTM)
	OS Service Pack	-
	OS Installation Date	20/08/2015
	OS Root	C:\Windows

License Information:
	Registered Owner	galffycsaba@gmail.com
	Registered Organization	Microsoft
	Product ID	00325-80000-00000-AAOEM
	Product Key	37GNV-YCQVD-38XP9-T848R-FC2HD
	Product Activation (WPA)	Required

Current Session:
	Computer Name	LAPTOP-5DNN8R19
	User Name	galff
	Logon Domain	LAPTOP-5DNN8R19
	UpTime	4224 sec (0 days, 1 hours, 10 min, 24 sec)

Components Version:
	Common Controls	6.16
	Windows Mail	10.0.10240.16384 (th1.150709-1700)
	Windows Media Player	12.0.10240.16384 (th1.150709-1700)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	-
	.NET Framework	4.6.79.0 built by: NETFXREL2
	Novell Client	-
	DirectX	DirectX 12.0
	OpenGL	10.0.10240.16384 (th1.150709-1700)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
ACMON.exe	C:\Program Files (x86)\ASUS\Splendid\ACMON.exe	32-bit	296 KB	1 KB
aida64.exe	C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe	32-bit	37696 KB	66 KB
ApplicationFrameHost.exe	C:\Windows\system32\ApplicationFrameHost.exe	64-bit	11632 KB	5 KB
AsHidSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe	32-bit	516 KB	1 KB
AsLdrSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe	32-bit	456 KB	1 KB
AsPatchTouchPanel64.exe	C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe	64-bit	284 KB	1 KB
ASUSScreenAdjustService.exe	C:\Program Files\ASUS\ASUS T100HAN DisplayControl\ASUSScreenAdjustService.exe	32-bit	828 KB	7 KB
AsusTPCenter.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe	64-bit	2964 KB	2 KB
AsusTPHelper.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe	64-bit	1356 KB	1 KB
AsusTPLoader.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe	64-bit	2320 KB	1 KB
ATKOSD2.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe	32-bit	560 KB	1 KB
audiodg.exe	C:\Windows\system32\AUDIODG.EXE	64-bit	25104 KB	19 KB
conhost.exe	C:\Windows\system32\conhost.exe	64-bit	172 KB	0 KB
ContinuumAdjust.exe	C:\Program Files\ASUS\ASUS T100HAN DisplayControl\ContinuumAdjust.exe	32-bit	3636 KB	12 KB
csrss.exe		64-bit	1388 KB	1 KB
csrss.exe		64-bit	1772 KB	1 KB
dasHost.exe	C:\Windows\system32\dashost.exe	32-bit	2216 KB	0 KB
dllhost.exe	C:\Windows\system32\DllHost.exe	32-bit	1992 KB	1 KB
DMedia.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe	32-bit	504 KB	1 KB
DptfParticipantProcessorService.exe	C:\Windows\system32\DptfParticipantProcessorService.exe	64-bit	352 KB	0 KB
DptfPolicyCriticalService.exe	C:\Windows\system32\DptfPolicyCriticalService.exe	64-bit	344 KB	0 KB
DptfPolicyLpmService.exe	C:\Windows\system32\DptfPolicyLpmService.exe	64-bit	344 KB	0 KB
DptfPolicyLpmServiceHelper.exe	C:\Windows\System32\DptfPolicyLpmServiceHelper.exe	64-bit	196 KB	0 KB
dwm.exe	C:\Windows\system32\dwm.exe	64-bit	32156 KB	39 KB
explorer.exe	C:\Windows\Explorer.EXE	64-bit	45268 KB	39 KB
GFNEXSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe	32-bit	360 KB	0 KB
HControl.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe	32-bit	1840 KB	1 KB
igfxCUIService.exe	C:\Windows\system32\igfxCUIService.exe	64-bit	1468 KB	1 KB
igfxEM.exe	C:\Windows\system32\igfxEM.exe	64-bit	4864 KB	3 KB
igfxHK.exe	C:\Windows\system32\igfxHK.exe	64-bit	1512 KB	1 KB
igfxTray.exe	C:\Windows\system32\igfxTray.exe	64-bit	2124 KB	3 KB
isa.exe	C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe	32-bit	8268 KB	16 KB
isa.exe	C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe	32-bit	8404 KB	15 KB
jhi_service.exe	C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe	32-bit	460 KB	1 KB
LiveUpdate.exe	C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe	32-bit	11056 KB	61 KB
LockAppHost.exe	C:\Windows\System32\LockAppHost.exe	64-bit	21008 KB	3 KB
LogonDisplayControl.exe	C:\Program Files\ASUS\ASUS T100HAN DisplayControl\LogonDisplayControl.exe	64-bit	2324 KB	18 KB
lsass.exe	C:\Windows\system32\lsass.exe	64-bit	7264 KB	5 KB
MsMpEng.exe		64-bit	97 MB	112 KB
NetworkUXBroker.exe	C:\Windows\System32\NetworkUXBroker.exe	64-bit	6616 KB	4 KB
NisSrv.exe		64-bit	2324 KB	3 KB
OneDrive.exe	C:\Users\galff\AppData\Local\Microsoft\OneDrive\OneDrive.exe	32-bit	5448 KB	10 KB
PresentationFontCache.exe	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	64-bit	944 KB	23 KB
RtkNGUI64.exe	C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe	64-bit	1508 KB	3 KB
RuntimeBroker.exe	C:\Windows\System32\RuntimeBroker.exe	64-bit	27960 KB	23 KB
SearchFilterHost.exe	C:\Windows\system32\SearchFilterHost.exe	64-bit	6976 KB	1 KB
SearchIndexer.exe	C:\Windows\system32\SearchIndexer.exe	64-bit	18736 KB	27 KB
SearchProtocolHost.exe	C:\Windows\system32\SearchProtocolHost.exe	64-bit	10616 KB	1 KB
SearchProtocolHost.exe	C:\Windows\system32\SearchProtocolHost.exe	64-bit	6712 KB	1 KB
SearchUI.exe	C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe	64-bit	1464 KB	63 KB
services.exe		64-bit	3860 KB	2 KB
SettingSyncHost.exe	C:\Windows\system32\SettingSyncHost.exe	64-bit	4668 KB	11 KB
ShellExperienceHost.exe	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	64-bit	1648 KB	28 KB
sihost.exe	C:\Windows\system32\sihost.exe	64-bit	15324 KB	4 KB
smss.exe		64-bit	216 KB	0 KB
splwow64.exe	C:\Windows\splwow64.exe	64-bit	6124 KB	1 KB
spoolsv.exe	C:\Windows\System32\spoolsv.exe	64-bit	4828 KB	5 KB
sppsvc.exe		64-bit	16596 KB	6 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	15480 KB	9 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	4800 KB	3 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	15476 KB	18 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	8760 KB	6 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	15668 KB	12 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	8128 KB	4 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	11316 KB	6 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	7244 KB	24 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	26440 KB	21 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	3504 KB	5 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	6092 KB	1 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	9844 KB	5 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	6412 KB	4 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	13016 KB	10 KB
System Idle Process			4 KB	0 KB
System		64-bit	35244 KB	0 KB
SystemSettingsBroker.exe	C:\Windows\System32\SystemSettingsBroker.exe	64-bit	4844 KB	3 KB
T100DisplayControl.exe	C:\Program Files\ASUS\ASUS T100HAN DisplayControl\T100DisplayControl.exe	64-bit	280 KB	1 KB
TabTip.exe	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	64-bit	2432 KB	2 KB
TabTip32.exe	C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe	32-bit	252 KB	1 KB
taskhostw.exe	C:\Windows\system32\taskhostw.exe	64-bit	11496 KB	10 KB
Taskmgr.exe	C:\Windows\system32\taskmgr.exe	64-bit	23416 KB	15 KB
wininit.exe		64-bit	104 KB	0 KB
winlogon.exe	C:\Windows\system32\winlogon.exe	64-bit	3244 KB	1 KB
wlanext.exe	C:\Windows\system32\WLANExt.exe	64-bit	1604 KB	1 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	64-bit	7384 KB	1 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	64-bit	8104 KB	2 KB
WmiPrvSE.exe	C:\Windows\sysWOW64\wbem\wmiprvse.exe	64-bit	8596 KB	3 KB
WUDFHost.exe	C:\Windows\System32\WUDFHost.exe	64-bit	4516 KB	37 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	10.0.10240.16384	Kernel Driver	Stopped
3ware	3ware	3ware.sys	5.1.0.51	Kernel Driver	Stopped
ACPI	Microsoft ACPI Driver	ACPI.sys	10.0.10240.16397	Kernel Driver	Running
acpiex	Microsoft ACPIEx Driver	acpiex.sys	10.0.10240.16384	Kernel Driver	Running
acpipagr	ACPI Processor Aggregator Driver	acpipagr.sys	10.0.10240.16384	Kernel Driver	Running
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	10.0.10240.16384	Kernel Driver	Stopped
acpitime	ACPI Wake Alarm Driver	acpitime.sys	10.0.10240.16384	Kernel Driver	Stopped
ADP80XX	ADP80XX	ADP80XX.SYS	1.3.0.10769	Kernel Driver	Stopped
AFD	Ancillary Function Driver for Winsock	afd.sys	10.0.10240.16384	Kernel Driver	Running
agp440	Intel AGP Bus Filter	agp440.sys	10.0.10240.16384	Kernel Driver	Stopped
ahcache	Application Compatibility Cache	ahcache.sys	10.0.10240.16384	Kernel Driver	Running
AIDA64Driver	FinalWire AIDA64 Kernel Driver	kerneld.x64		Kernel Driver	Running
AmdK8	AMD K8 Processor Driver	amdk8.sys	10.0.10240.16384	Kernel Driver	Stopped
AmdPPM	AMD Processor Driver	amdppm.sys	10.0.10240.16384	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.1.3.277	Kernel Driver	Stopped
amdsbs	amdsbs	amdsbs.sys	3.7.1540.43	Kernel Driver	Stopped
amdxata	amdxata	amdxata.sys	1.1.3.277	Kernel Driver	Stopped
AppID	AppID Driver	appid.sys	10.0.10240.16384	Kernel Driver	Stopped
arcsas	Adaptec SAS/SATA-II RAID Storport's Miniport Driver	arcsas.sys	7.5.0.32048	Kernel Driver	Stopped
ASMMAP64	ASMMAP64	ASMMAP64.sys	1.0.9.1	Kernel Driver	Running
AsusSGDrv	ASUS Touch Service	AsusSGDrv.sys	8.1.0.16	Kernel Driver	Running
AsyncMac	RAS Asynchronous Media Driver	asyncmac.sys	10.0.10240.16384	Kernel Driver	Stopped
atapi	IDE Channel	atapi.sys	10.0.10240.16384	Kernel Driver	Stopped
ATKWMIACPIIO	ATKWMIACPI Driver	atkwmiacpi64.sys	1.0.6.1	Kernel Driver	Running
b06bdrv	Broadcom NetXtreme II VBD	bxvbda.sys	7.4.14.0	Kernel Driver	Stopped
BasicDisplay	BasicDisplay	BasicDisplay.sys	10.0.10240.16384	Kernel Driver	Running
BasicRender	BasicRender	BasicRender.sys	10.0.10240.16384	Kernel Driver	Running
bcmfn2	bcmfn2 Service	bcmfn2.sys	6.3.9391.6	Kernel Driver	Running
BCMSDH43XX	Broadcom 802.11 SDIO Network Adapter Driver	bcmdhd63.sys	5.93.102.19	Kernel Driver	Running
Beep	Beep			Kernel Driver	Running
bowser	Browser Support Driver	bowser.sys	10.0.10240.16384	File System Driver	Running
BthAvrcpTg	Bluetooth Audio/Video Remote Control HID	BthAvrcpTg.sys	10.0.10240.16384	Kernel Driver	Stopped
BthEnum	Bluetooth Enumerator Service	BthEnum.sys	10.0.10240.16384	Kernel Driver	Running
BthHFEnum	Bluetooth Hands-Free Audio and Call Control HID Enumerator	bthhfenum.sys	10.0.10240.16412	Kernel Driver	Stopped
bthhfhid	Bluetooth Hands-Free Call Control HID	BthHFHid.sys	10.0.10240.16384	Kernel Driver	Stopped
BthLEEnum	Bluetooth Low Energy Driver	BthLEEnum.sys	10.0.10240.16384	Kernel Driver	Running
BthMini	Bluetooth Radio Driver	BTHMINI.sys	10.0.10240.16384	Kernel Driver	Running
BTHMODEM	Bluetooth Serial Communications Driver	bthmodem.sys	10.0.10240.16384	Kernel Driver	Stopped
BthPan	Bluetooth Device (Personal Area Network)	bthpan.sys	10.0.10240.16384	Kernel Driver	Running
BTHPORT	Bluetooth Port Driver	BTHport.sys	10.0.10240.16384	Kernel Driver	Stopped
btwampfl	btwampfl	btwampfl.sys	12.0.1.410	Kernel Driver	Stopped
BtwSerialBus	Broadcom Serial Bus Driver over UART Bus Enumerator	BtwSerialBus.sys	12.0.1.590	Kernel Driver	Running
buttonconverter	Service for Portable Device Control devices	buttonconverter.sys	10.0.10240.16384	Kernel Driver	Running
camera	Intel(R) AVStream Camera	iacamera64.sys	1.0.0.1	Kernel Driver	Running
CapImg	HID driver for CapImg touch screen	capimg.sys	10.0.10240.16384	Kernel Driver	Stopped
cdfs	CD/DVD File System Reader	cdfs.sys	10.0.10240.16384	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	10.0.10240.16384	Kernel Driver	Stopped
circlass	Consumer IR Devices	circlass.sys	10.0.10240.16384	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	10.0.10240.16384	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	10.0.10240.16384	Kernel Driver	Running
CNG	CNG	cng.sys	10.0.10240.16392	Kernel Driver	Running
cnghwassist	CNG Hardware Assist algorithm provider	cnghwassist.sys	10.0.10240.16384	Kernel Driver	Stopped
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	6.2.10240.16384	Kernel Driver	Running
condrv	Console Driver	condrv.sys	10.0.10240.16384	Kernel Driver	Running
dam	Desktop Activity Moderator Driver	dam.sys	10.0.10240.16391	Kernel Driver	Running
Dfsc	DFS Namespace Client Driver	dfsc.sys	10.0.10240.16384	File System Driver	Running
disk	Disk Driver	disk.sys	10.0.10240.16384	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
DptfDevAmbient	DptfDevAmbient	DptfDevAmbient.sys	604.10146.2651.1559	Kernel Driver	Stopped
DptfDevDBPT	DptfDevDBPT	DptfDevPower.sys	604.10146.2651.1559	Kernel Driver	Stopped
DptfDevDisplay	DptfDevDisplay	DptfDevDisplay.sys	604.10146.2651.1559	Kernel Driver	Running
DptfDevGen	DptfDevGen	DptfDevGen.sys	604.10146.2651.1559	Kernel Driver	Running
DptfDevProc	DptfDevProc	DptfDevProc.sys	604.10146.2651.1559	Kernel Driver	Running
DptfDevWireless	DptfDevWireless	DptfDevWireless.sys	604.10146.2651.1559	Kernel Driver	Stopped
DptfManager	DptfManager	DptfManager.sys	604.10146.2651.1559	Kernel Driver	Running
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	10.0.10240.16384	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	10.0.10240.16425	Kernel Driver	Running
ebdrv	QLogic 10 Gigabit Ethernet Adapter VBD	evbda.sys	7.12.2.3	Kernel Driver	Stopped
EhStorClass	Enhanced Storage Filter Driver	EhStorClass.sys	10.0.10240.16384	Kernel Driver	Running
EhStorTcgDrv	Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols	EhStorTcgDrv.sys	10.0.10240.16384	Kernel Driver	Stopped
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	10.0.10240.16384	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fcvsc	fcvsc	fcvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
fdc	Floppy Disk Controller Driver	fdc.sys	10.0.10240.16384	Kernel Driver	Stopped
FileCrypt	FileCrypt	filecrypt.sys	10.0.10240.16384	File System Driver	Running
FileInfo	File Information FS MiniFilter	fileinfo.sys	10.0.10240.16384	File System Driver	Running
Filetrace	Filetrace	filetrace.sys	10.0.10240.16384	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	10.0.10240.16384	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	10.0.10240.16384	File System Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	10.0.10240.16384	File System Driver	Stopped
fvevol	BitLocker Drive Encryption Filter Driver	fvevol.sys	10.0.10240.16384	Kernel Driver	Running
gagp30kx	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	gagp30kx.sys	10.0.10240.16384	Kernel Driver	Stopped
gencounter	Microsoft Hyper-V Generation Counter	vmgencounter.sys	10.0.10240.16384	Kernel Driver	Stopped
genericusbfn	Generic USB Function Class	genericusbfn.sys	10.0.10240.16384	Kernel Driver	Stopped
GPIOClx0101	Microsoft GPIO Class Extension Driver	msgpioclx.sys	10.0.10240.16384	Kernel Driver	Running
GpuEnergyDrv	GPU Energy Driver	gpuenergydrv.sys	10.0.10240.16384	Kernel Driver	Running
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	10.0.10240.16384	Kernel Driver	Stopped
HID_PCI	HID PCI Minidriver for ISS	HID_PCI.sys	2.0.0.3012	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	10.0.10240.16384	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	10.0.10240.16384	Kernel Driver	Stopped
HidEventFilter	Intel(R) HID Event Filter	HidEventFilter.sys	604.10146.2708.64268	Kernel Driver	Running
hidi2c	Microsoft I2C HID Miniport Driver	hidi2c.sys	10.0.10240.16384	Kernel Driver	Running
hidinterrupt	Common Driver for HID Buttons implemented with interrupts	hidinterrupt.sys	10.0.10240.16384	Kernel Driver	Running
HidIr	Microsoft Infrared HID Driver	hidir.sys	10.0.10240.16384	Kernel Driver	Stopped
HidUsb	Microsoft HID Class Driver	hidusb.sys	10.0.10240.16384	Kernel Driver	Running
HpSAMD	HpSAMD	HpSAMD.sys	8.0.4.0	Kernel Driver	Stopped
HTTP	HTTP Service	HTTP.sys	10.0.10240.16384	Kernel Driver	Running
hwpolicy	Hardware Policy Driver	hwpolicy.sys	10.0.10240.16384	Kernel Driver	Stopped
hyperkbd	hyperkbd	hyperkbd.sys	10.0.10240.16384	Kernel Driver	Stopped
i8042prt	PS/2 Keyboard and Mouse Port Driver	i8042prt.sys	10.0.10240.16384	Kernel Driver	Stopped
iagpioe	Intel Serial IO GPIO Controller Driver	iagpioe.sys	604.10146.2652.361	Kernel Driver	Running
iai2ce	Intel(R) Serial IO I2C Host Controller	iai2ce.sys	604.10146.2654.2819	Kernel Driver	Running
iaisp	Intel(R) Imaging Signal Processor 2401	iaisp64.sys	1.0.0.1	Kernel Driver	Running
iaLPSSi_GPIO	Intel(R) Serial IO GPIO Controller Driver	iaLPSSi_GPIO.sys	1.1.250.0	Kernel Driver	Stopped
iaLPSSi_I2C	Intel(R) Serial IO I2C Controller Driver	iaLPSSi_I2C.sys	1.1.250.0	Kernel Driver	Stopped
iaspie	Intel(R) Serial IO SPI Controller Service	iaspie.sys	604.10146.2657.947	Kernel Driver	Running
iaStorAV	Intel(R) SATA RAID Controller Windows	iaStorAV.sys	13.2.0.1022	Kernel Driver	Stopped
iaStorV	Intel RAID Controller Windows 7	iaStorV.sys	8.6.2.1019	Kernel Driver	Stopped
iauarte	Intel(R) Serial IO UART Controller	iauarte.sys	604.10146.2653.391	Kernel Driver	Running
ibbus	Mellanox InfiniBand Bus/AL (Filter Driver)	ibbus.sys	4.91.10726.0	Kernel Driver	Stopped
igfxLP	igfxLP	igdkmd64lp.sys	10.18.15.4256	Kernel Driver	Running
intelide	intelide	intelide.sys	10.0.10240.16384	Kernel Driver	Stopped
intelpep	Intel(R) Power Engine Plug-in Driver	intelpep.sys	10.0.10240.16384	Kernel Driver	Running
intelppm	Intel Processor Driver	intelppm.sys	10.0.10240.16384	Kernel Driver	Running
IntelSST	Intel SST Audio Device (WDM)	isstrtc.sys	604.10135.6766.2749	Kernel Driver	Running
IoQos	IoQos	ioqos.sys	10.0.10240.16384	File System Driver	Stopped
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	10.0.10240.16384	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	10.0.10240.16384	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	10.0.10240.16384	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	10.0.10240.16384	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	10.0.10240.16384	Kernel Driver	Stopped
iScsiPrt	iScsiPort Driver	msiscsi.sys	10.0.10240.16384	Kernel Driver	Stopped
ISH_BusDriver	ISS Bus Enumerator	ISH_BusDriver.sys	2.0.0.3012	Kernel Driver	Running
ISH	Intel(R) Integrated Sensor Solution	ISH.sys	2.0.0.3012	Kernel Driver	Running
kbdclass	Keyboard Class Driver	kbdclass.sys	10.0.10240.16384	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	10.0.10240.16384	Kernel Driver	Running
kdnic	Microsoft Kernel Debug Network Miniport (NDIS 6.20)	kdnic.sys	6.1.0.0	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	10.0.10240.16384	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	10.0.10240.16384	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	10.0.10240.16384	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	10.0.10240.16384	Kernel Driver	Running
LSI_SAS	LSI_SAS	lsi_sas.sys	1.34.3.83	Kernel Driver	Stopped
LSI_SAS2i	LSI_SAS2i	lsi_sas2i.sys	2.0.76.80	Kernel Driver	Stopped
LSI_SAS3i	LSI_SAS3i	lsi_sas3i.sys	2.50.96.80	Kernel Driver	Stopped
LSI_SSS	LSI_SSS	lsi_sss.sys	2.10.61.81	Kernel Driver	Stopped
luafv	UAC File Virtualization	luafv.sys	10.0.10240.16384	File System Driver	Running
MBI	Intel(R) Sideband Fabric Device Service	MBI.sys	604.10146.2655.573	Kernel Driver	Running
megasas	megasas	megasas.sys	6.706.6.0	Kernel Driver	Stopped
megasr	megasr	megasr.sys	15.2.2013.129	Kernel Driver	Stopped
mlx4_bus	Mellanox ConnectX Bus Enumerator	mlx4_bus.sys	4.91.10726.0	Kernel Driver	Stopped
MMCSS	Multimedia Class Scheduler	mmcss.sys	10.0.10240.16384	Kernel Driver	Running
Modem	Modem	modem.sys	10.0.10240.16384	Kernel Driver	Stopped
monitor	Microsoft Monitor Class Function Driver Service	monitor.sys	10.0.10240.16384	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	10.0.10240.16384	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	10.0.10240.16384	Kernel Driver	Running
mountmgr	Mount Point Manager	mountmgr.sys	10.0.10240.16426	Kernel Driver	Running
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	10.0.10240.16384	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	10.0.10240.16384	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	10.0.10240.16384	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	10.0.10240.16384	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	10.0.10240.16384	File System Driver	Running
MsBridge	Microsoft MAC Bridge	bridge.sys	10.0.10240.16384	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
msgpiowin32	Common Driver for Buttons, DockMode and Laptop/Slate Indicator	msgpiowin32.sys	10.0.10240.16425	Kernel Driver	Running
mshidkmdf	Pass-through HID to KMDF Filter Driver	mshidkmdf.sys	10.0.10240.16384	Kernel Driver	Running
mshidumdf	Pass-through HID to UMDF Driver	mshidumdf.sys	10.0.10240.16384	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	10.0.10240.16384	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	10.0.10240.16384	Kernel Driver	Stopped
MsLldp	Microsoft Link-Layer Discovery Protocol	mslldp.sys	10.0.10240.16384	Kernel Driver	Running
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	10.0.10240.16384	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	10.0.10240.16384	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	10.0.10240.16384	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	10.0.10240.16384	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	10.0.10240.16384	Kernel Driver	Stopped
Mup	Mup	mup.sys	10.0.10240.16384	File System Driver	Running
mvumis	mvumis	mvumis.sys	1.0.5.1016	Kernel Driver	Stopped
NativeWifiP	NativeWiFi Filter	nwifi.sys	10.0.10240.16384	Kernel Driver	Running
ndfltr	NetworkDirect Service	ndfltr.sys	4.91.10726.0	Kernel Driver	Stopped
NDIS	NDIS System Driver	ndis.sys	10.0.10240.16394	Kernel Driver	Running
NdisCap	Microsoft NDIS Capture	ndiscap.sys	10.0.10240.16384	Kernel Driver	Stopped
NdisImPlatform	Microsoft Network Adapter Multiplexor Protocol	NdisImPlatform.sys	10.0.10240.16384	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	10.0.10240.16384	Kernel Driver	Stopped
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	10.0.10240.16384	Kernel Driver	Running
NdisVirtualBus	Microsoft Virtual Network Adapter Enumerator	NdisVirtualBus.sys	10.0.10240.16384	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	10.0.10240.16384	Kernel Driver	Stopped
ndiswanlegacy	Remote Access LEGACY NDIS WAN Driver	ndiswan.sys	10.0.10240.16384	Kernel Driver	Stopped
ndproxy	@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy	NDProxy.sys	10.0.10240.16384	Kernel Driver	Stopped
Ndu	Windows Network Data Usage Monitoring Driver	Ndu.sys	10.0.10240.16384	Kernel Driver	Running
NetBIOS	NetBIOS Interface	netbios.sys	10.0.10240.16384	File System Driver	Running
NetBT	NetBT	netbt.sys	10.0.10240.16384	Kernel Driver	Running
Npfs	Npfs			File System Driver	Running
npsvctrig	Named pipe service trigger provider	npsvctrig.sys	10.0.10240.16384	Kernel Driver	Running
nsiproxy	NSI Proxy Service Driver	nsiproxy.sys	10.0.10240.16384	Kernel Driver	Running
NTFS	NTFS			File System Driver	Running
Null	Null			Kernel Driver	Running
nv_agp	NVIDIA nForce AGP Bus Filter	nv_agp.sys	10.0.10240.16384	Kernel Driver	Stopped
nvraid	nvraid	nvraid.sys	10.6.0.23	Kernel Driver	Stopped
nvstor	nvstor	nvstor.sys	10.6.0.23	Kernel Driver	Stopped
ov5670	Camera Sensor ov5670	ov5670.sys	10.0.10011.0	Kernel Driver	Running
Parport	Parallel port driver	parport.sys	10.0.10240.16384	Kernel Driver	Stopped
partmgr	Partition Manager	partmgr.sys	10.0.10240.16384	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	10.0.10240.16390	Kernel Driver	Running
pciide	pciide	pciide.sys	10.0.10240.16384	Kernel Driver	Stopped
pcmcia	pcmcia	pcmcia.sys	10.0.10240.16384	Kernel Driver	Stopped
pcw	Performance Counters for Windows Driver	pcw.sys	10.0.10240.16384	Kernel Driver	Running
pdc	pdc	pdc.sys	10.0.10240.16384	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	10.0.10240.16384	Kernel Driver	Running
percsas2i	percsas2i	percsas2i.sys	6.803.21.0	Kernel Driver	Stopped
percsas3i	percsas3i	percsas3i.sys	6.602.12.0	Kernel Driver	Stopped
PMIC	Intel(R) Power Management IC Device Service	PMIC.sys	604.10146.2656.541	Kernel Driver	Running
PptpMiniport	WAN Miniport (PPTP)	raspptp.sys	10.0.10240.16384	Kernel Driver	Stopped
Processor	Processor Driver	processr.sys	10.0.10240.16384	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	10.0.10240.16384	Kernel Driver	Running
QWAVEdrv	QWAVE driver	qwavedrv.sys	10.0.10240.16384	Kernel Driver	Stopped
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	10.0.10240.16384	Kernel Driver	Stopped
RasAgileVpn	WAN Miniport (IKEv2)	AgileVpn.sys	10.0.10240.16384	Kernel Driver	Stopped
Rasl2tp	WAN Miniport (L2TP)	rasl2tp.sys	10.0.10240.16384	Kernel Driver	Stopped
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	10.0.10240.16384	Kernel Driver	Stopped
RasSstp	WAN Miniport (SSTP)	rassstp.sys	10.0.10240.16384	Kernel Driver	Stopped
rdbss	Redirected Buffering Sub System	rdbss.sys	10.0.10240.16384	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	10.0.10240.16384	Kernel Driver	Running
RDPDR	Remote Desktop Device Redirector Driver	rdpdr.sys	10.0.10240.16384	Kernel Driver	Stopped
RdpVideoMiniport	Remote Desktop Video Miniport Driver	rdpvideominiport.sys	10.0.10240.16384	Kernel Driver	Stopped
rdyboost	ReadyBoost	rdyboost.sys	10.0.10240.16428	Kernel Driver	Running
ReFSv1	ReFSv1			File System Driver	Stopped
RFCOMM	Bluetooth Device (RFCOMM Protocol TDI)	rfcomm.sys	10.0.10240.16384	Kernel Driver	Running
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	10.0.10240.16384	Kernel Driver	Running
rtii2sac64	Realtek I2S Audio Codec Device Driver	rtii2sac.sys	6.4.10147.4290	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	10.0.10240.16384	Kernel Driver	Stopped
sbp2port	SBP-2 Transport/Protocol Bus Driver	sbp2port.sys	10.0.10240.16384	Kernel Driver	Stopped
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	10.0.10240.16384	Kernel Driver	Stopped
sdbus	sdbus	sdbus.sys	10.0.10240.16384	Kernel Driver	Running
sdstor	SD Storage Port Driver	sdstor.sys	10.0.10240.16384	Kernel Driver	Running
SensorsHIDClassDriver	UMDF Reflector service for Sensors HID Class Driver	WUDFRd.sys	10.0.10240.16384	Kernel Driver	Running
SerCx	Serial UART Support Library	SerCx.sys	10.0.10240.16384	Kernel Driver	Stopped
SerCx2	Serial UART Support Library	SerCx2.sys	10.0.10240.16384	Kernel Driver	Running
Serenum	Serenum Filter Driver	serenum.sys	10.0.10240.16384	Kernel Driver	Running
Serial	Serial port driver	serial.sys	10.0.10240.16384	Kernel Driver	Running
sermouse	Serial Mouse Driver	sermouse.sys	10.0.10240.16384	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	10.0.10240.16384	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Stopped
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Stopped
spaceport	Storage Spaces Driver	spaceport.sys	10.0.10240.16384	Kernel Driver	Running
SpbCx	Simple Peripheral Bus Support Library	SpbCx.sys	10.0.10240.16384	Kernel Driver	Running
srv	Server SMB 1.xxx Driver	srv.sys	10.0.10240.16384	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	10.0.10240.16384	File System Driver	Running
srvnet	srvnet	srvnet.sys	10.0.10240.16384	File System Driver	Running
stexstor	stexstor	stexstor.sys	5.1.0.10	Kernel Driver	Stopped
storahci	Microsoft Standard SATA AHCI Driver	storahci.sys	10.0.10240.16384	Kernel Driver	Stopped
storflt	Microsoft Hyper-V Storage Accelerator	vmstorfl.sys	10.0.10240.16384	Kernel Driver	Stopped
stornvme	Microsoft Standard NVM Express Driver	stornvme.sys	10.0.10240.16431	Kernel Driver	Stopped
storqosflt	Storage QoS Filter Driver	storqosflt.sys	10.0.10240.16384	File System Driver	Running
storufs	Microsoft Universal Flash Storage (UFS) Driver	storufs.sys	10.0.10240.16384	Kernel Driver	Stopped
storvsc	storvsc	storvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
swenum	Software Bus Driver	swenum.sys	6.2.10240.16384	Kernel Driver	Running
Synth3dVsc	Synth3dVsc	Synth3dVsc.sys	10.0.10240.16384	Kernel Driver	Stopped
Tcpip	TCP/IP Protocol Driver	tcpip.sys	10.0.10240.16384	Kernel Driver	Running
Tcpip6	@todo.dll,-100;Microsoft IPv6 Protocol Driver	tcpip.sys	10.0.10240.16384	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	10.0.10240.16384	Kernel Driver	Running
tdx	NetIO Legacy TDI Support Driver	tdx.sys	10.0.10240.16384	Kernel Driver	Running
terminpt	Microsoft Remote Desktop Input Driver	terminpt.sys	10.0.10240.16384	Kernel Driver	Stopped
TPM	TPM	tpm.sys	10.0.10240.16384	Kernel Driver	Running
TsUsbFlt	Remote Desktop USB Hub Class Filter Driver	TsUsbFlt.sys	10.0.10240.16384	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	10.0.10240.16384	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	10.0.10240.16412	Kernel Driver	Running
TXEIx64	Intel(R) Trusted Execution Engine Interface	TXEIx64.sys	2.0.0.1067	Kernel Driver	Running
uagp35	Microsoft AGPv3.5 Filter	uagp35.sys	10.0.10240.16384	Kernel Driver	Stopped
UASPStor	USB Attached SCSI (UAS) Driver	uaspstor.sys	10.0.10240.16384	Kernel Driver	Stopped
UcmCx0101	USB Connector Manager KMDF Class Extension	UcmCx.sys	10.0.10240.16384	Kernel Driver	Stopped
UcmUcsi	USB Connector Manager UCSI Client	UcmUcsi.sys	10.0.10240.16389	Kernel Driver	Stopped
Ucx01000	USB Host Support Library	ucx01000.sys	10.0.10240.16384	Kernel Driver	Running
UdeCx	USB Device Emulation Support Library	udecx.sys		Kernel Driver	Stopped
udfs	udfs	udfs.sys	10.0.10240.16384	File System Driver	Stopped
UEFI	Microsoft UEFI Driver	UEFI.sys	10.0.10240.16384	Kernel Driver	Running
Ufx01000	USB Function Class Extension	ufx01000.sys	10.0.10240.16384	Kernel Driver	Stopped
UfxChipidea	USB Chipidea Controller	UfxChipidea.sys	10.0.10240.16384	Kernel Driver	Stopped
ufxsynopsys	USB Synopsys Controller	ufxsynopsys.sys	10.0.10240.16384	Kernel Driver	Stopped
uliagpkx	Uli AGP Bus Filter	uliagpkx.sys	10.0.10240.16384	Kernel Driver	Stopped
umbus	UMBus Enumerator Driver	umbus.sys	10.0.10240.16384	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	10.0.10240.16384	Kernel Driver	Stopped
unicam	Camera Sensor UNICAM	hm2051.sys	1.0.0.1	Kernel Driver	Running
UrsChipidea	Chipidea USB Role-Switch Driver	urschipidea.sys	10.0.10240.16384	Kernel Driver	Stopped
UrsCx01000	USB Role-Switch Support Library	urscx01000.sys	10.0.10240.16384	Kernel Driver	Stopped
UrsSynopsys	Synopsys USB Role-Switch Driver	urssynopsys.sys	10.0.10240.16384	Kernel Driver	Stopped
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	10.0.10240.16384	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	10.0.10240.16384	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	10.0.10240.16384	Kernel Driver	Stopped
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	10.0.10240.16401	Kernel Driver	Stopped
USBHUB3	SuperSpeed Hub	UsbHub3.sys	10.0.10240.16425	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	10.0.10240.16384	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	10.0.10240.16384	Kernel Driver	Stopped
usbser	Microsoft USB Serial Driver	usbser.sys	10.0.10240.16401	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	10.0.10240.16384	Kernel Driver	Stopped
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	10.0.10240.16384	Kernel Driver	Stopped
USBXHCI	USB xHCI Compliant Host Controller	USBXHCI.SYS	10.0.10240.16384	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator	vdrvroot.sys	10.0.10240.16384	Kernel Driver	Running
VerifierExt	VerifierExt	VerifierExt.sys	10.0.10240.16384	Kernel Driver	Stopped
vhdmp	vhdmp	vhdmp.sys	10.0.10240.16384	Kernel Driver	Stopped
vhf	Virtual HID Framework (VHF) Driver	vhf.sys	10.0.10240.16384	Kernel Driver	Stopped
vmbus	Virtual Machine Bus	vmbus.sys	10.0.10240.16384	Kernel Driver	Stopped
VMBusHID	VMBusHID	VMBusHID.sys	10.0.10240.16384	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	10.0.10240.16384	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	10.0.10240.16384	Kernel Driver	Running
volsnap	Storage volumes	volsnap.sys	10.0.10240.16384	Kernel Driver	Running
vpci	Microsoft Hyper-V Virtual PCI Bus	vpci.sys	10.0.10240.16384	Kernel Driver	Stopped
vsmraid	vsmraid	vsmraid.sys	7.0.9600.6352	Kernel Driver	Stopped
VSTXRAID	VIA StorX Storage RAID Controller Windows Driver	vstxraid.sys	8.0.9200.8110	Kernel Driver	Stopped
vwifibus	Virtual WiFi Bus Driver	vwifibus.sys	10.0.10240.16384	Kernel Driver	Running
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	10.0.10240.16384	Kernel Driver	Running
vwifimp	Virtual WiFi Miniport Service	vwifimp.sys	10.0.10240.16384	Kernel Driver	Running
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	10.0.10240.16384	Kernel Driver	Stopped
wanarp	Remote Access IP ARP Driver	wanarp.sys	10.0.10240.16384	Kernel Driver	Stopped
wanarpv6	Remote Access IPv6 ARP Driver	wanarp.sys	10.0.10240.16384	Kernel Driver	Stopped
WdBoot	Windows Defender Boot Driver	WdBoot.sys	4.8.10240.16384	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.15.10240.16384	Kernel Driver	Running
WdFilter	Windows Defender Mini-Filter Driver	WdFilter.sys	4.8.10240.16384	File System Driver	Running
wdiwifi	WDI Driver Framework	wdiwifi.sys	10.0.10240.16428	Kernel Driver	Stopped
WdNisDrv	Windows Defender Network Inspection System Driver	WdNisDrv.sys	4.8.10240.16384	Kernel Driver	Running
wfpcapture	Microsoft WFP Message Capture	wfpcapture.sys		Kernel Driver	Stopped
WFPLWFS	Microsoft Windows Filtering Platform	wfplwfs.sys	10.0.10240.16384	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	10.0.10240.16384	File System Driver	Stopped
WindowsTrustedRT	Windows Trusted Execution Environment Class Extension	WindowsTrustedRT.sys	10.0.10240.16384	Kernel Driver	Running
WindowsTrustedRTProxy	Microsoft Windows Trusted Runtime Secure Service	WindowsTrustedRTProxy.sys	10.0.10240.16384	Kernel Driver	Running
WinMad	WinMad Service	winmad.sys	4.91.10726.0	Kernel Driver	Stopped
WINUSB	WinUsb Driver	WinUSB.SYS	10.0.10240.16384	Kernel Driver	Stopped
WinVerbs	WinVerbs Service	winverbs.sys	4.91.10726.0	Kernel Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	10.0.10240.16384	Kernel Driver	Running
Wof	Windows Overlay File System Filter Driver			File System Driver	Running
wpcfltr	Family Safety Filter Driver	wpcfltr.sys	10.0.10240.16425	Kernel Driver	Stopped
WpdUpFltr	WPD Upper Class Filter Driver	WpdUpFltr.sys	10.0.10240.16384	Kernel Driver	Stopped
ws2ifsl	Winsock IFS Driver	ws2ifsl.sys	10.0.10240.16384	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	10.0.10240.16384	Kernel Driver	Running
WUDFRd	Windows Driver Foundation - User-mode Driver Framework Reflector	WUDFRd.sys	10.0.10240.16384	Kernel Driver	Running
xboxgip	Xbox Game Input Protocol Driver	xboxgip.sys	10.0.10240.16384	Kernel Driver	Stopped
xinputhid	XINPUT HID Filter Driver	xinputhid.sys	10.0.10240.16384	Kernel Driver	Stopped

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AJRouter	AllJoyn Router Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
ALG	Application Layer Gateway Service	alg.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
AppIDSvc	Application Identity	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
AppReadiness	App Readiness	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
AppXSvc	AppX Deployment Service (AppXSVC)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
AsHidService	ASUS HID Access Service	AsHidSrv.exe	1.0.87.1	Own Process	Running	LocalSystem
ASLDRService	ASLDR Service	AsLdrSrv.exe	1.0.87.2	Own Process	Running	LocalSystem
ASUSScreenAdjustService	ASUSScreenAdjustService	ASUSScreenAdjustService.exe	1.0.15.7081	Own Process	Running	LocalSystem
ATKGFNEXSrv	ATKGFNEX Service	GFNEXSrv.exe	1.0.12.2	Own Process	Running	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Audiosrv	Windows Audio	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
BcmBtRSupport	Bluetooth Driver Management Service	BtwRSupportService.exe	12.0.0.8048	Own Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
BrokerInfrastructure	Background Tasks Infrastructure Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
BthHFSrv	Bluetooth Handsfree Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
bthserv	Bluetooth Support Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
CDPSvc	CDPSvc	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
CertPropSvc	Certificate Propagation	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
ClipSVC	Client License Service (ClipSVC)	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	6.2.10240.16384	Own Process	Stopped	LocalSystem
CoreMessagingRegistrar	CoreMessaging	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
cphs	Intel(R) Content Protection HECI Service	IntelCpHeciSvc.exe	9.0.31.9000	Own Process	Stopped	LocalSystem
CryptSvc	Cryptographic Services	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\NetworkService
DcomLaunch	DCOM Server Process Launcher	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DcpSvc	DataCollectionPublishingService	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
defragsvc	Optimize drives	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
DeviceAssociationService	Device Association Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DeviceInstall	Device Install Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
DevQueryBroker	DevQuery Background Discovery Broker	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Dhcp	DHCP Client	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
diagnosticshub.standardcollector.service	Microsoft (R) Diagnostics Hub Standard Collector Service	DiagnosticsHub.StandardCollector.Service.exe	11.0.10240.16384	Own Process	Stopped	LocalSystem
DiagTrack	Diagnostics Tracking Service	svchost.exe	6.2.10240.16384	Own Process	Running	LocalSystem
DmEnrollmentSvc	Device Management Enrollment Service	svchost.exe	6.2.10240.16384	Own Process	Stopped	LocalSystem
dmwappushservice	dmwappushsvc	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Dnscache	DNS Client	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
DoSvc	Delivery Optimization	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
dot3svc	Wired AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
DptfParticipantProcessorService	Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application	DptfParticipantProcessorService.exe	604.10146.2651.1559	Own Process	Running	LocalSystem
DptfParticipantWirelessService	Intel(R) Dynamic Platform & Thermal Framework Wireless Participant Service Application	DptfParticipantWirelessService.exe	604.10146.2651.1559	Own Process	Stopped	LocalSystem
DptfPolicyCriticalService	Intel(R) Dynamic Platform & Thermal Framework Critical Service Application	DptfPolicyCriticalService.exe	604.10146.2651.1559	Own Process	Running	LocalSystem
DptfPolicyLpmService	Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application	DptfPolicyLpmService.exe	604.10146.2651.1559	Own Process	Running	LocalSystem
DsmSvc	Device Setup Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
DsSvc	Data Sharing Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Eaphost	Extensible Authentication Protocol	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
EFS	Encrypting File System (EFS)	lsass.exe	10.0.10240.16384	Share Process	Stopped	LocalSystem
embeddedmode	embeddedmode	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
EntAppSvc	Enterprise App Management Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
EventLog	Windows Event Log	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
Fax	Fax	fxssvc.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
fhsvc	File History Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
FontCache	Windows Font Cache Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
FontCache3.0.0.0	Windows Presentation Foundation Font Cache 3.0.0.0	PresentationFontCache.exe	3.0.6920.8674	Own Process	Running	NT Authority\LocalService
gpsvc	Group Policy Client	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
hidserv	Human Interface Device Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
icssvc	Windows Mobile Hotspot Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
IEEtwCollectorService	Internet Explorer ETW Collector Service	IEEtwCollector.exe	11.0.10240.16384	Own Process	Stopped	LocalSystem
igfxCUIService2.0.0.0	Intel(R) HD Graphics Control Panel Service	igfxCUIService.exe	6.15.10.4256	Own Process	Running	LocalSystem
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Intel(R) Capability Licensing Service TCP IP Interface	Intel(R) Capability Licensing Service TCP IP Interface	SocketHeciServer.exe	1.42.17.0	Own Process	Stopped	LocalSystem
Intel(R) Security Assist	Intel(R) Security Assist	isa.exe	1.0.0.523	Own Process	Running	LocalSystem
iphlpsvc	IP Helper	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
isaHelperSvc	Intel(R) Security Assist Helper	isaHelperService.exe		Own Process	Stopped	LocalSystem
jhi_service	Intel(R) Dynamic Application Loader Host Interface	jhi_service.exe	2.0.0.1062	Own Process	Running	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
LanmanServer	Server	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
lfsvc	Geolocation Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
LicenseManager	Windows License Manager Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
LSM	Local Session Manager	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
MapsBroker	Downloaded Maps Manager	svchost.exe	6.2.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MpsSvc	Windows Firewall	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.10941.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.10240.16386	Own Process	Stopped	LocalSystem
NcaSvc	Network Connectivity Assistant	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
NcbService	Network Connection Broker	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
NcdAutoSetup	Network Connected Devices Auto-Setup	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
Netlogon	Netlogon	lsass.exe	10.0.10240.16384	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
netprofm	Network List Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
NetSetupSvc	Network Setup Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	4.6.79.0	Share Process	Stopped	NT AUTHORITY\LocalService
NgcCtnrSvc	Microsoft Passport Container	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
NgcSvc	Microsoft Passport	lsass.exe	10.0.10240.16384	Share Process	Stopped	LocalSystem
NlaSvc	Network Location Awareness	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
p2pimsvc	Peer Networking Identity Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PerfHost	Performance Counter DLL Host	perfhost.exe	6.2.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
pla	Performance Logs & Alerts	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\NetworkService
Power	Power	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PrintNotify	Printer Extensions and Notifications	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ProfSvc	User Profile Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
QWAVE	Quality Windows Audio Video Experience	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RemoteAccess	Routing and Remote Access	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
RetailDemo	Retail Demo Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
ScDeviceEnum	Smart Card Device Enumeration Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Schedule	Task Scheduler	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
SDRSVC	Windows Backup	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
seclogon	Secondary Logon	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SensorDataService	Sensor Data Service	SensorDataService.exe	10.0.10240.16387	Own Process	Stopped	LocalSystem
SensorService	Sensor Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SensrSvc	Sensor Monitoring Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
smphost	Microsoft Storage Spaces SMP	svchost.exe	6.2.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
SmsRouter	Microsoft Windows SMS Router Service.	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	10.0.10240.16384	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	10.0.10240.16384	Own Process	Running	NT AUTHORITY\NetworkService
SSDPSRV	SSDP Discovery	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
StateRepository	State Repository Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
stisvc	Windows Image Acquisition (WIA)	svchost.exe	6.2.10240.16384	Own Process	Stopped	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
svsvc	Spot Verifier	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	6.2.10240.16384	Own Process	Running	LocalSystem
SysMain	Superfetch	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SystemEventsBroker	System Events Broker	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TabletInputService	Touch Keyboard and Handwriting Panel Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TapiSrv	Telephony	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
TermService	Remote Desktop Services	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\NetworkService
Themes	Themes	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
tiledatamodelsvc	Tile Data model server	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TimeBroker	Time Broker	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
TrkWks	Distributed Link Tracking Client	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	6.2.10240.16384	Own Process	Stopped	localSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
upnphost	UPnP Device Host	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
UserManager	User Manager	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
UsoSvc	Update Orchestrator Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
VaultSvc	Credential Manager	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
vds	Virtual Disk	vds.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
vmicguestinterface	Hyper-V Guest Service Interface	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicheartbeat	Hyper-V Heartbeat Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmickvpexchange	Hyper-V Data Exchange Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicrdv	Hyper-V Remote Desktop Virtualization Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicshutdown	Hyper-V Guest Shutdown Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmictimesync	Hyper-V Time Synchronization Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
vmicvmsession	Hyper-V VM Session Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicvss	Hyper-V Volume Shadow Copy Requestor	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WalletService	WalletService	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wbengine	Block Level Backup Engine Service	wbengine.exe	10.0.10240.16384	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Wcmsvc	Windows Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WcsPlugInService	Windows Color System	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
WdNisSvc	Windows Defender Network Inspection Service	NisSrv.exe		Own Process	Running	NT AUTHORITY\LocalService
WebClient	WebClient	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
WEPHOSTSVC	Windows Encryption Provider Host Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
WiaRpc	Still Image Acquisition Events	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
WinDefend	Windows Defender Service	MsMpEng.exe		Own Process	Running	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	6.2.10240.16384	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
WlanSvc	WLAN AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
wlidsvc	Microsoft Account Sign-in Assistant	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	10.0.10240.16384	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
workfolderssvc	Work Folders	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
WpnService	Windows Push Notifications Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wscsvc	Security Center	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.10240.16392	Own Process	Running	LocalSystem
WSService	Windows Store Service (WSService)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wuauserv	Windows Update	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
XblAuthManager	Xbox Live Auth Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
XblGameSave	Xbox Live Game Save	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
XboxNetApiSvc	Xbox Live Networking Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem

AX Files


AX File	Version	Description
bdaplgin.ax	6.2.10240.16384	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	6.2.10240.16384	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo� audio software
ir41_32.ax	6.2.10240.16384	IR41_32 WRAPPER DLL
ivfsrc.ax	5.10.2.51	Intel Indeo� video IVF Source Filter 5.10
ksproxy.ax	6.2.10240.16384	WDM Streaming ActiveMovie Proxy
kstvtune.ax	6.2.10240.16384	WDM Streaming TvTuner
kswdmcap.ax	6.2.10240.16384	WDM Streaming Video Capture
ksxbar.ax	6.2.10240.16384	WDM Streaming Crossbar
mpeg2data.ax	6.2.10240.16384	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	6.2.10240.16384	DirectShow MPEG-2 Splitter.
msdvbnp.ax	6.2.10240.16384	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	6.2.10240.16384	Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax	6.2.10240.16384	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	6.2.10240.16384	Microsoft VBI Codec
vbisurf.ax	6.2.10240.16384	VBI Surface Allocator Filter
vidcap.ax	6.2.10240.16384	Video Capture Interface Server
wstpager.ax	6.2.10240.16384	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
abovelockapphost.dll	6.2.10240.16384	AboveLockAppHost
accessibilitycpl.dll	6.2.10240.16384	Ease of access control panel
accountscontrolinternal.dll	6.2.10240.16384	Accounts Control Broker Objects
acctres.dll	6.2.10240.16384	Microsoft Internet Account Manager Resources
acledit.dll	6.2.10240.16384	Access Control List Editor
aclui.dll	6.2.10240.16384	Security Descriptor Editor
acppage.dll	6.2.10240.16384	Compatibility Tab Shell Extension Library
actioncenter.dll	6.2.10240.16427	Security and Maintenance
actioncentercpl.dll	6.2.10240.16384	Security and Maintenance Control Panel
activationclient.dll	6.2.10240.16384	Activation Client
activeds.dll	6.2.10240.16384	ADs Router Layer DLL
actxprxy.dll	6.2.10240.16390	ActiveX Interface Marshaling Library
addressparser.dll	6.2.10240.16384	ADDRESSPARSER
adprovider.dll	6.2.10240.16384	adprovider DLL
adsldp.dll	6.2.10240.16384	ADs LDAP Provider DLL
adsldpc.dll	6.2.10240.16384	ADs LDAP Provider C DLL
adsmsext.dll	6.2.10240.16384	ADs LDAP Provider DLL
adsnt.dll	6.2.10240.16384	ADs Windows NT Provider DLL
adtschema.dll	6.2.10240.16384	Security Audit Schema DLL
advapi32.dll	6.2.10240.16384	Advanced Windows 32 Base API
advapi32res.dll	6.2.10240.16384	Advanced Windows 32 Base API
advpack.dll	11.0.10240.16384	ADVPACK
aeevts.dll	6.2.10240.16384	Application Experience Event Resources
amsi.dll	4.8.10240.16384	Anti-Malware Scan Interface
amstream.dll	6.2.10240.16384	DirectShow Runtime.
apds.dll	6.2.10240.16384	Microsoft� Help Data Services Module
appcapture.dll	6.2.10240.16384	Windows Runtime AppCapture DLL
appcontracts.dll	6.2.10240.16387	Windows AppContracts API Server
apphelp.dll	6.2.10240.16384	Application Compatibility Client Library
apphlpdm.dll	6.2.10240.16384	Application Compatibility Help Module
appidapi.dll	6.2.10240.16384	Application Identity APIs Dll
applockercsp.dll	6.2.10240.16384	AppLockerCSP
appointmentactivation.dll	6.2.10240.16384	DLL for AppointmentActivation
appointmentapis.dll	6.2.10240.16384	DLL for CalendarRT
apprepapi.dll	6.2.10240.16384	Application Reputation APIs Dll
apprepsync.dll	6.2.10240.16384	AppRepSync Task
appxalluserstore.dll	6.2.10240.16389	AppX All User Store DLL
appxapplicabilityengine.dll	6.2.10240.16384	AppX Applicability Engine
appxdeploymentclient.dll	6.2.10240.16445	AppX Deployment Client DLL
appxpackaging.dll	6.2.10240.16384	Native Code Appx Packaging Library
appxsip.dll	6.2.10240.16384	Appx Subject Interface Package
asferror.dll	12.0.10240.16384	ASF Error Definitions
aspnet_counters.dll	4.6.79.0	Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll	6.2.10240.16384
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atl100.dll	10.0.40219.1	ATL Module for Windows
atlthunk.dll	6.2.10240.16384	atlthunk.dll
atmfd.dll	5.1.2.243	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.243	Windows NT OpenType/Type 1 API Library.
audiodev.dll	6.2.10240.16384	Portable Media Devices Shell Extension
audioeng.dll	6.2.10240.16412	Audio Engine
audiokse.dll	6.2.10240.16384	Audio Ks Endpoint
audioses.dll	6.2.10240.16412	Audio Session
authbroker.dll	6.2.10240.16384	Web Authentication WinRT API
authbrokerui.dll	6.2.10240.16384	AuthBroker UI
authext.dll	6.2.10240.16384	Authentication Extensions
authfwcfg.dll	6.2.10240.16384	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	6.2.10240.16384	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	6.2.10240.16384	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	6.2.10240.16384	Wizard Framework
authui.dll	6.2.10240.16384	Windows Authentication UI
authz.dll	6.2.10240.16384	Authorization Framework
autoplay.dll	6.2.10240.16384	AutoPlay Control Panel
avicap32.dll	6.2.10240.16384	AVI Capture window class
avifil32.dll	6.2.10240.16384	Microsoft AVI File support library
avrt.dll	6.2.10240.16384	Multimedia Realtime Runtime
azroles.dll	6.2.10240.16384	azroles Module
azroleui.dll	6.2.10240.16384	Authorization Manager
azsqlext.dll	6.2.10240.16384	AzMan Sql Audit Extended Stored Procedures Dll
azuresettingsyncprovider.dll	6.2.10240.16384	Azure Setting Sync Provider
backgroundmediapolicy.dll	6.2.10240.16384	<d> Background Media Policy DLL
basecsp.dll	6.2.10240.16384	Microsoft Base Smart Card Crypto Provider
batmeter.dll	6.2.10240.16384	Battery Meter Helper DLL
bcastdvr.proxy.dll	6.2.10240.16384	Broadcast DVR Proxy
bcd.dll	6.2.10240.16393	BCD DLL
bcp47langs.dll	6.2.10240.16384	BCP47 Language Classes
bcrypt.dll	6.2.10240.16384	Windows Cryptographic Primitives Library
bcryptprimitives.dll	6.2.10240.16384	Windows Cryptographic Primitives Library
bidispl.dll	6.2.10240.16384	Bidispl DLL
bingmaps.dll	6.2.10240.16392	Bing Map Control
bingonlineservices.dll	6.2.10240.16384	Bing online services
biocredprov.dll	6.2.10240.16384	WinBio Credential Provider
bitsperf.dll	7.8.10240.16384	Perfmon Counter Access
bitsproxy.dll	7.8.10240.16384	Background Intelligent Transfer Service Proxy
biwinrt.dll	6.2.10240.16384	Windows Background Broker Infrastructure
blackbox.dll	11.0.10240.16384	BlackBox DLL
bluetoothapis.dll	6.2.10240.16384	Bluetooth Usermode Api host
bootvid.dll	6.2.10240.16384	VGA Boot Driver
browcli.dll	6.2.10240.16384	Browser Service Client DLL
browsersettingsync.dll	6.2.10240.16384	Browser Setting Synchronization
browseui.dll	6.2.10240.16384	Shell Browser UI Library
btpanui.dll	6.2.10240.16384	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	ContextH Application
c_g18030.dll	6.2.10240.16384	GB18030 DBCS-Unicode Conversion DLL
c_gsm7.dll	6.2.10240.16384	GSM 7bit Code Page Translation DLL for SMS
c_is2022.dll	6.2.10240.16384	ISO-2022 Code Page Translation DLL
c_iscii.dll	6.2.10240.16384	ISCII Code Page Translation DLL
cabinet.dll	6.2.10240.16384	Microsoft� Cabinet File API
cabview.dll	6.2.10240.16384	Cabinet File Viewer Shell Extension
callbuttons.dll	6.2.10240.16384	Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll	6.2.10240.16384	Windows Runtime CallButtonsServer ProxyStub DLL
callhistoryclient.dll	6.2.10240.16384	Client DLL for accessing CallHistory information
cameracaptureui.dll	6.2.10240.16384	Microsoft� Windows� Operating System
capiprovider.dll	6.2.10240.16384	capiprovider DLL
capisp.dll	6.2.10240.16384	Sysprep cleanup dll for CAPI
catsrv.dll	2001.12.10941.16384	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Utilities
cca.dll	6.2.10240.16384	CCA DirectShow Filter.
cdosys.dll	6.6.10240.16384	Microsoft CDO for Windows Library
cdp.dll	6.2.10240.16384	Microsoft (R) CDP Client API
cemapi.dll	6.2.10240.16384	CEMAPI
certca.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services CA
certcli.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services Client
certcredprovider.dll	6.2.10240.16384	Cert Credential Provider
certenc.dll	6.2.10240.16384	Active Directory Certificate Services Encoding
certenroll.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services Enrollment Client
certenrollui.dll	6.2.10240.16384	X509 Certificate Enrollment UI
certmgr.dll	6.2.10240.16384	Certificates snap-in
certpoleng.dll	6.2.10240.16384	Certificate Policy Engine
cewmdm.dll	12.0.10240.16384	Windows CE WMDM Service Provider
cfgbkend.dll	6.2.10240.16384	Configuration Backend Interface
cfgmgr32.dll	6.2.10240.16384	Configuration Manager DLL
cfmifs.dll	6.2.10240.16384	FmIfs Engine
cfmifsproxy.dll	6.2.10240.16384	Microsoft� FmIfs Proxy Library
chakra.dll	11.0.10240.16431	Microsoft � JScript
chakradiag.dll	11.0.10240.16384	Microsoft � JScript Diagnostics
chartv.dll	6.2.10240.16384	Chart View
chatapis.dll	6.2.10240.16384	DLL for ChatRT
chxreadingstringime.dll	6.2.10240.16384	CHxReadingStringIME
cic.dll	6.2.10240.16384	CIC - MMC controls for Taskpad
cilkrts20_32.dll	2.0.4232.0	Intel� Cilk� Plus Runtime
clb.dll	6.2.10240.16384	Column List Box
clbcatq.dll	2001.12.10941.16384	COM+ Configuration Catalog
clfsw32.dll	6.2.10240.16384	Common Log Marshalling Win32 DLL
cliconfg.dll	6.2.10240.16384	SQL Client Configuration Utility DLL
clipboardserver.dll	6.2.10240.16384	Modern Clipboard API Server
clipc.dll	6.2.10240.16384	Client Licensing Platform Client
clrhost.dll	6.2.10240.16384	In Proc server for managed servers in the Windows Runtime
clusapi.dll	6.2.10240.16384	Cluster API Library
cmcfg32.dll	7.2.10240.16384	Microsoft Connection Manager Configuration Dll
cmdext.dll	6.2.10240.16384	cmd.exe Extension DLL
cmdial32.dll	7.2.10240.16384	Microsoft Connection Manager
cmifw.dll	6.2.10240.16384	Windows Firewall rule configuration plug-in
cmipnpinstall.dll	6.2.10240.16384	PNP plugin installer for CMI
cmlua.dll	7.2.10240.16384	Connection Manager Admin API Helper
cmpbk32.dll	7.2.10240.16384	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.10240.16384	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.10240.16384	Microsoft Connection Manager Utility Lib
cngcredui.dll	6.2.10240.16384	Microsoft CNG CredUI Provider
cngprovider.dll	6.2.10240.16384	cngprovider DLL
cnvfat.dll	6.2.10240.16384	FAT File System Conversion Utility DLL
colbact.dll	2001.12.10941.16384	COM+
colorcnv.dll	6.2.10240.16384	Windows Media Color Conversion
colorui.dll	6.2.10240.16384	Microsoft Color Control Panel
combase.dll	6.2.10240.16384	Microsoft COM for Windows
comcat.dll	6.2.10240.16384	Microsoft Component Category Manager Library
comctl32.dll	5.82.10240.16384	User Experience Controls Library
comdlg32.dll	6.2.10240.16405	Common Dialogs DLL
coml2.dll	6.2.10240.16384	Microsoft COM for Windows
common_clang32.dll	4.0.0.0	Intel(R) OpenCL(TM) Runtime
commstypehelperutil_ca.dll	6.2.10240.16384	Comms Type Helper Util
compobj.dll	3.10.0.103	Windows Win16 Application Launcher
comppkgsup.dll	12.0.10240.16384	Component Package Support DLL
compstui.dll	6.2.10240.16384	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.10941.16384	COM+
comres.dll	2001.12.10941.16384	COM+ Resources
comsnap.dll	2001.12.10941.16384	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.10941.16384	COM+ Services
comuid.dll	2001.12.10941.16384	COM+ Explorer UI
configureexpandedstorage.dll	6.2.10240.16384	ConfigureExpandedStorage
connect.dll	6.2.10240.16384	Get Connected Wizards
connectedaccountstate.dll	6.2.10240.16384	ConnectedAccountState.dll
console.dll	6.2.10240.16384	Control Panel Console Applet
contactactivation.dll	6.2.10240.16384	DLL for ContactActivation
contactapis.dll	6.2.10240.16397	DLL for ContactsRT
coremessaging.dll	6.2.10240.16397	Microsoft CoreMessaging Dll
coremmres.dll	6.2.10240.16384	General Core Multimedia Resources
coreuicomponents.dll
cortana.persona.dll	6.2.10240.16384	Cortana.Persona
cortanamapihelper.dll	6.2.10240.16384	CortanaMapiHelper
cortanamapihelper.proxystub.dll	6.2.10240.16384	CortanaMapiHelper.ProxyStub
cpfilters.dll	6.2.10240.16384	PTFilter & Encypter/Decrypter Tagger Filters.
credentialmigrationhandler.dll	6.2.10240.16384	Credential Migration Handler
credprovdatamodel.dll	6.2.10240.16412	Cred Prov Data Model
credprovhost.dll	6.2.10240.16384	Credential Provider Framework Host
credprovs.dll	6.2.10240.16384	Credential Providers
credssp.dll	6.2.10240.16384	Credential Delegation Security Package
credui.dll	6.2.10240.16384	Credential Manager User Interface
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	6.2.10240.16384	Crypto API32
cryptbase.dll	6.2.10240.16384	Base cryptographic API DLL
cryptdlg.dll	6.2.10240.16384	Microsoft Common Certificate Dialogs
cryptdll.dll	6.2.10240.16384	Cryptography Manager
cryptext.dll	6.2.10240.16384	Crypto Shell Extensions
cryptnet.dll	6.2.10240.16384	Crypto Network Related API
cryptngc.dll	6.2.10240.16384	Microsoft Passport API
cryptowinrt.dll	6.2.10240.16384	Crypto WinRT Library
cryptsp.dll	6.2.10240.16384	Cryptographic Service Provider API
crypttpmeksvc.dll	6.2.10240.16384	Cryptographic TPM Endorsement Key Services
cryptui.dll	6.2.10240.16384	Microsoft Trust UI Provider
cryptuiwizard.dll	6.2.10240.16384	Microsoft Trust UI Provider
cryptxml.dll	6.2.10240.16384	XML DigSig API
cscapi.dll	6.2.10240.16384	Offline Files Win32 API
cscdll.dll	6.2.10240.16384	Offline Files Temporary Shim
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
d2d1.dll	6.2.10240.16384	Microsoft D2D Library
d3d10.dll	6.2.10240.16384	Direct3D 10 Runtime
d3d10_1.dll	6.2.10240.16384	Direct3D 10.1 Runtime
d3d10_1core.dll	6.2.10240.16384	Direct3D 10.1 Runtime
d3d10core.dll	6.2.10240.16384	Direct3D 10 Runtime
d3d10level9.dll	6.2.10240.16384	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	6.2.10240.16384	Direct3D 10 Rasterizer
d3d11.dll	6.2.10240.16384	Direct3D 11 Runtime
d3d12.dll	6.2.10240.16384	Direct3D 12 Runtime
d3d8.dll	6.2.10240.16384	Microsoft Direct3D
d3d8thk.dll	6.2.10240.16384	Microsoft Direct3D OS Thunk Layer
d3d9.dll	6.2.10240.16412	Direct3D 9 Runtime
d3dcompiler_47.dll	6.2.10240.16384	Direct3D HLSL Compiler
d3dim.dll	6.2.10240.16384	Microsoft Direct3D
d3dim700.dll	6.2.10240.16384	Microsoft Direct3D
d3dramp.dll	6.2.10240.16384	Microsoft Direct3D
d3dxof.dll	6.2.10240.16384	DirectX Files DLL
dabapi.dll	6.2.10240.16384	Desktop Activity Broker API
dafcdp.dll	6.2.10240.16384	DAF CDP Provider
dafprintprovider.dll	6.2.10240.16384	DAF Print Provider DLL
daotpcredentialprovider.dll	6.2.10240.16384	DirectAccess One-Time Password Credential Provider
dataclen.dll	6.2.10240.16384	Disk Space Cleaner for Windows
dataexchange.dll	6.2.10240.16384	Data exchange
davclnt.dll	6.2.10240.16384	Web DAV Client DLL
davhlpr.dll	6.2.10240.16384	DAV Helper DLL
dbgcore.dll	6.2.10240.16384	Windows Core Debugging Helpers
dbgeng.dll	6.2.10240.16384	Windows Symbolic Debugger Engine
dbghelp.dll	6.2.10240.16384	Windows Image Helper
dbgmodel.dll	6.2.10240.16384	Windows Debugger Data Model
dbnetlib.dll	6.2.10240.16384	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	6.2.10240.16384	Named Pipes Net DLL for SQL Clients
dciman32.dll	6.2.10240.16384	DCI Manager
dcomp.dll	6.2.10240.16384	Microsoft DirectComposition Library
ddaclsys.dll	6.2.10240.16384	SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll	6.2.10240.16384	DDOI Interface Proxy
ddores.dll	6.2.10240.16384	Device Category information and resources
ddraw.dll	6.2.10240.16384	Microsoft DirectDraw
ddrawex.dll	6.2.10240.16384	Direct Draw Ex
defaultdevicemanager.dll	6.2.10240.16384	Default Device Manager
defaultprinterprovider.dll	6.2.10240.16384	Microsoft Windows Default Printer Provider
delegatorprovider.dll	6.2.10240.16384	WMI PassThru Provider for Storage Management
deskadp.dll	6.2.10240.16384	Advanced display adapter properties
deskmon.dll	6.2.10240.16384	Advanced display monitor properties
devdispitemprovider.dll	6.2.10240.16384	DeviceItem inproc devquery subsystem
devenum.dll	6.2.10240.16384	Device enumeration.
deviceaccess.dll	6.2.10240.16384	Device Broker And Policy COM Server
deviceassociation.dll	6.2.10240.16384	Device Association Client DLL
devicecenter.dll	6.2.10240.16384	Device Center
devicedisplaystatusmanager.dll	6.2.10240.16384	Device Display Status Manager
devicepairing.dll	6.2.10240.16384	Shell extensions for Device Pairing
devicepairingfolder.dll	6.2.10240.16384	Device Pairing Folder
devicepairingproxy.dll	6.2.10240.16384	Device Pairing Proxy Dll
devicesetupstatusprovider.dll	6.2.10240.16384	Device Setup Status Provider Dll
deviceuxres.dll	6.2.10240.16384	Windows Device User Experience Resource File
devmgr.dll	6.2.10240.16384	Device Manager MMC Snapin
devobj.dll	6.2.10240.16384	Device Information Set DLL
devrtl.dll	6.2.10240.16384	Device Management Run Time Library
dfscli.dll	6.2.10240.16384	Windows NT Distributed File System Client DLL
dfshim.dll	6.2.10240.16384	ClickOnce Application Deployment Support Library
dfsshlex.dll	6.2.10240.16384	Distributed File System shell extension
dhcpcmonitor.dll	6.2.10240.16384	DHCP Client Monitor Dll
dhcpcore.dll	6.2.10240.16384	DHCP Client Service
dhcpcore6.dll	6.2.10240.16384	DHCPv6 Client
dhcpcsvc.dll	6.2.10240.16384	DHCP Client Service
dhcpcsvc6.dll	6.2.10240.16384	DHCPv6 Client
dhcpsapi.dll	6.2.10240.16384	DHCP Server API Stub DLL
dialclient.dll	12.0.10240.16384	DIAL DLL
dictationmanager.dll	6.2.0.1	Dictation Manager
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	6.2.10240.16384	DIMS Job DLL
dimsroam.dll	6.2.10240.16384	Key Roaming DIMS Provider DLL
dinput.dll	6.2.10240.16384	Microsoft DirectInput
dinput8.dll	6.2.10240.16384	Microsoft DirectInput
directdb.dll	6.2.10240.16384	Microsoft Direct Database API
directmanipulation.dll	6.2.10240.16431	Microsoft Direct Manipulation Component
dismapi.dll	6.2.10240.16384	DISM API Framework
dispex.dll	5.812.10240.16384	Microsoft � DispEx
display.dll	6.2.10240.16384	Display Control Panel
displaymanager.dll	6.2.10240.16386	DisplayManager
dlnashext.dll	12.0.10240.16384	DLNA Namespace DLL
dmband.dll	6.2.10240.16384	Microsoft DirectMusic Band
dmcmnutils.dll	6.2.10240.16384	dmcmnutils
dmcompos.dll	6.2.10240.16384	Microsoft DirectMusic Composer
dmdlgs.dll	6.2.10240.16384	Disk Management Snap-in Dialogs
dmdskmgr.dll	6.2.10240.16384	Disk Management Snap-in Support Library
dmdskres.dll	6.2.10240.16384	Disk Management Snap-in Resources
dmdskres2.dll	6.2.10240.16384	Disk Management Snap-in Resources
dmime.dll	6.2.10240.16384	Microsoft DirectMusic Interactive Engine
dmintf.dll	6.2.10240.16384	Disk Management DCOM Interface Stub
dmloader.dll	6.2.10240.16384	Microsoft DirectMusic Loader
dmocx.dll	6.2.10240.16384	TreeView OCX
dmscript.dll	6.2.10240.16384	Microsoft DirectMusic Scripting
dmstyle.dll	6.2.10240.16384	Microsoft DirectMusic Style Engline
dmsynth.dll	6.2.10240.16384	Microsoft DirectMusic Software Synthesizer
dmusic.dll	6.2.10240.16384	Microsoft DirectMusic Core Services
dmutil.dll	6.2.10240.16384	Logical Disk Manager Utility Library
dmvdsitf.dll	6.2.10240.16384	Disk Management Snap-in Support Library
dnsapi.dll	6.2.10240.16384	DNS Client API DLL
dnscmmc.dll	6.2.10240.16384	DNS Client MMC Snap-in DLL
docprop.dll	6.2.10240.16384	OLE DocFile Property Page
dolbydecmft.dll	6.2.10240.16384	Media Foundation Dolby Digital Decoders
dot3api.dll	6.2.10240.16384	802.3 Autoconfiguration API
dot3cfg.dll	6.2.10240.16384	802.3 Netsh Helper
dot3dlg.dll	6.2.10240.16384	802.3 UI Helper
dot3gpclnt.dll	6.2.10240.16384	802.3 Group Policy Client
dot3gpui.dll	6.2.10240.16384	802.3 Network Policy Management Snap-in
dot3hc.dll	6.2.10240.16384	Dot3 Helper Class
dot3msm.dll	6.2.10240.16384	802.3 Media Specific Module
dot3ui.dll	6.2.10240.16384	802.3 Advanced UI
dpapi.dll	6.2.10240.16384	Data Protection API
dpapiprovider.dll	6.2.10240.16384	dpapiprovider DLL
dplayx.dll	10.0.10240.16384	DirectPlay Stub
dpmodemx.dll	10.0.10240.16384	DirectPlay Stub
dpnaddr.dll	10.0.10240.16384	DirectPlay Stub
dpnathlp.dll	10.0.10240.16384	DirectPlay Stub
dpnet.dll	10.0.10240.16384	DirectPlay Stub
dpnhpast.dll	10.0.10240.16384	DirectPlay Stub
dpnhupnp.dll	10.0.10240.16384	DirectPlay Stub
dpnlobby.dll	10.0.10240.16384	DirectPlay Stub
dpwsockx.dll	10.0.10240.16384	DirectPlay Stub
dpx.dll	6.2.10240.16384	Microsoft(R) Delta Package Expander
drmmgrtn.dll	11.0.10240.16384	DRM Migration DLL
drmv2clt.dll	11.0.10100.0	DRMv2 Client DLL
drprov.dll	6.2.10240.16384	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	6.2.10240.16384	Distributed Routing Table
drtprov.dll	6.2.10240.16384	Distributed Routing Table Providers
drttransport.dll	6.2.10240.16384	Distributed Routing Table Transport Provider
drvstore.dll	6.2.10240.16384	Driver Store API
dsauth.dll	6.2.10240.16384	DS Authorization for Services
dsccoreconfprov.dll	6.2.9200.16384	DSC
dsclient.dll	6.2.10240.16384	Data Sharing Service Client DLL
dsdmo.dll	6.2.10240.16384	DirectSound Effects
dskquota.dll	6.2.10240.16384	Windows Shell Disk Quota Support DLL
dskquoui.dll	6.2.10240.16384	Windows Shell Disk Quota UI DLL
dsound.dll	6.2.10240.16384	DirectSound
dsparse.dll	6.2.10240.16384	Active Directory Domain Services API
dsprop.dll	6.2.10240.16384	Windows Active Directory Property Pages
dsquery.dll	6.2.10240.16384	Directory Service Find
dsreg.dll	6.2.10240.16384	AD/AAD User Device Registration
dsrole.dll	6.2.10240.16384	DS Setup Client DLL
dssec.dll	6.2.10240.16384	Directory Service Security UI
dssenh.dll	6.2.10240.16384	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll	6.2.10240.16384	Device Setup UI Pages
dsuiext.dll	6.2.10240.16384	Directory Service Common UI
dswave.dll	6.2.10240.16384	Microsoft DirectMusic Wave
dtsh.dll	6.2.10240.16384	Detection and Sharing Status API
dui70.dll	6.2.10240.16384	Windows DirectUI Engine
duser.dll	6.2.10240.16384	Windows DirectUser Engine
dwmapi.dll	6.2.10240.16392	Microsoft Desktop Window Manager API
dwmcore.dll	6.2.10240.16431	Microsoft DWM Core Library
dwrite.dll	6.2.10240.16430	Microsoft DirectX Typography Services
dxdiagn.dll	6.2.10240.16384	Microsoft DirectX Diagnostic Tool
dxgi.dll	6.2.10240.16412	DirectX Graphics Infrastructure
dxmasf.dll	12.0.10240.16384	Microsoft Windows Media Component Removal File.
dxptasksync.dll	6.2.10240.16384	Microsoft Windows DXP Sync.
dxtmsft.dll	11.0.10240.16384	DirectX Media -- Image DirectX Transforms
dxtrans.dll	11.0.10240.16384	DirectX Media -- DirectX Transform Core
dxva2.dll	6.2.10240.16384	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	6.2.10240.16384	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	6.2.10240.16384	Eap Peer Config
eappgnui.dll	6.2.10240.16384	EAP Generic UI
eapphost.dll	6.2.10240.16384	Microsoft EAPHost Peer service
eappprxy.dll	6.2.10240.16384	Microsoft EAPHost Peer Client DLL
eapprovp.dll	6.2.10240.16384	EAP extension DLL
easwrt.dll	6.2.10240.16384	Exchange ActiveSync Windows Runtime DLL
edgehtml.dll	11.0.10240.16431	Microsoft (R) HTML Viewer
editbuffertesthook.dll
edpauditapi.dll	6.2.10240.16384	EDP Audit API
edputil.dll	6.2.10240.16384	EDP util
efsadu.dll	6.2.10240.16384	File Encryption Utility
efscore.dll	6.2.10240.16392	EFS Core Library
efsext.dll
efsutil.dll	6.2.10240.16384	EFS Utility Library
efswrt.dll	6.2.10240.16384	Storage Protection Windows Runtime DLL
ehstorapi.dll	6.2.10240.16384	Windows Enhanced Storage API
ehstorpwdmgr.dll	6.2.10240.16384	Microsoft Enhanced Storage Password Manager
els.dll	6.2.10240.16384	Event Viewer Snapin
elscore.dll	6.2.10240.16384	Els Core Platform DLL
elshyph.dll	6.2.10240.16384	ELS Hyphenation Service
elslad.dll	6.2.10240.16384	ELS Language Detection
elstrans.dll	6.2.10240.16384	ELS Transliteration Service
emailapis.dll	6.2.10240.16384	DLL for EmailRT
embeddedmodesvcapi.dll	6.2.10240.16384	Embedded Mode Service Client DLL
encapi.dll	6.2.10240.16384	Encoder API
encdec.dll	6.2.10240.16384	XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll	6.2.10240.16384	EQoS Snapin extension
errordetails.dll	6.2.10240.16384	Microsoft Windows operating system.
es.dll	2001.12.10941.16384	COM+
esdsip.dll	6.2.10240.16384	Crypto SIP provider for signing and verifying .esd Electronic Software Distribution files
esent.dll	6.2.10240.16384	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	6.2.10240.16384	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
esevss.dll	6.2.10240.16384	Microsoft(R) ESENT shadow utilities
etwcoreuicomponentsresources.dll	6.2.10240.16384	Microsoft CoreComponents UI ETW manifest Dll
etweseproviderresources.dll	6.2.10240.16384	Microsoft ESE ETW
eventcls.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service event class
evr.dll	6.2.10240.16384	Enhanced Video Renderer DLL
execmodelclient.dll	6.2.10240.16384	ExecModelClient
execmodelproxy.dll	6.2.10240.16384	ExecModelProxy
explorerframe.dll	6.2.10240.16405	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
exsmime.dll	6.2.10240.16384	LExsmime
extrasxmlparser.dll	6.2.10240.16384	Extras XML parser used to extract extension information from XML
f3ahvoas.dll	6.2.10240.16384	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
familysafetyext.dll	6.2.10240.16384	FamilySafety ChildAccount Extensions
faultrep.dll	6.2.10240.16384	Windows User Mode Crash Reporting DLL
fdbth.dll	6.2.10240.16384	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	6.2.10240.16384	Bluetooth Provider Proxy Dll
fddevquery.dll	6.2.10240.16384	Microsoft Windows Device Query Helper
fde.dll	6.2.10240.16384	Folder Redirection Snapin Extension
fdeploy.dll	6.2.10240.16384	Folder Redirection Group Policy Extension
fdpnp.dll	6.2.10240.16384	Pnp Provider Dll
fdprint.dll	6.2.10240.16384	Function Discovery Print Provider Dll
fdproxy.dll	6.2.10240.16384	Function Discovery Proxy Dll
fdssdp.dll	6.2.10240.16384	Function Discovery SSDP Provider Dll
fdwcn.dll	6.2.10240.16384	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	6.2.10240.16384	Function Discovery WNet Provider Dll
fdwsd.dll	6.2.10240.16384	Function Discovery WS Discovery Provider Dll
feclient.dll	6.2.10240.16384	Windows NT File Encryption Client Interfaces
filemgmt.dll	6.2.10240.16384	Services and Shared Folders
findnetprinters.dll	6.2.10240.16384	Find Network Printers COM Component
fingerprintcredential.dll	6.2.10240.16384	WinBio Fingerprint Credential
firewallapi.dll	6.2.10240.16384	Windows Firewall API
firewallcontrolpanel.dll	6.2.10240.16384	Windows Firewall Control Panel
fltlib.dll	6.2.10240.16384	Filter Library
fmifs.dll	6.2.10240.16384	FM IFS Utility DLL
fms.dll	6.2.10240.16384	Font Management Services
fontext.dll	6.2.10240.16384	Windows Font Folder
fontsub.dll	6.2.10240.16384	Font Subsetting DLL
fphc.dll	6.2.10240.16384	Filtering Platform Helper Class
framedyn.dll	6.2.10240.16384	WMI SDK Provider Framework
framedynos.dll	6.2.10240.16384	WMI SDK Provider Framework
frprov.dll	6.2.10240.16384	Folder Redirection WMI Provider
fsutilext.dll	6.2.10240.16384	FS Utility Extension DLL
fundisc.dll	6.2.10240.16384	Function Discovery Dll
fwbase.dll	6.2.10240.16384	Firewall Base DLL
fwcfg.dll	6.2.10240.16384	Windows Firewall Configuration Helper
fwpolicyiomgr.dll	6.2.10240.16412	FwPolicyIoMgr DLL
fwpuclnt.dll	6.2.10240.16384	FWP/IPsec User-Mode API
fwremotesvr.dll	6.2.10240.16384	Windows Firewall Remote APIs Server
fxsapi.dll	6.2.10240.16384	Microsoft Fax API Support DLL
fxscom.dll	6.2.10240.16384	Microsoft Fax Server COM Client Interface
fxscomex.dll	6.2.10240.16384	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	6.2.10240.16384	Microsoft Fax Exchange Command Extension
fxsresm.dll	6.2.10240.16384	Microsoft Fax Resource DLL
fxsxp32.dll	6.2.10240.16384	Microsoft Fax Transport Provider
gameux.dll	6.2.10240.16384	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gamingtcui.dll	6.2.10240.16384	Windows Gaming Internal CallableUI dll
gcdef.dll	6.2.10240.16384	Game Controllers Default Sheets
gdi32.dll	6.2.10240.16390	GDI Client DLL
gdiplus.dll	6.2.10240.16384	Microsoft GDI+
geocommon.dll	6.2.10240.16384	Geocommon
geolocation.dll	6.2.10240.16384	Geolocation Runtime DLL
geolocatorhelper.dll	6.2.10240.16384	GeoLocatorHelper
getuname.dll	6.2.10240.16384	Unicode name Dll for UCE
glmf32.dll	6.2.10240.16384	OpenGL Metafiling DLL
globcollationhost.dll	6.2.10240.16384	GlobCollationHost
globinputhost.dll	6.2.10240.16384	Windows Globalization Extension API for Input
glu32.dll	6.2.10240.16384	OpenGL Utility Library DLL
gpapi.dll	6.2.10240.16384	Group Policy Client API
gpedit.dll	6.2.10240.16384	GPEdit
gpprnext.dll	6.2.10240.16384	Group Policy Printer Extension
gptext.dll	6.2.10240.16384	GPTExt
hbaapi.dll	6.2.10240.16384	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	6.2.10240.16384	Security and Maintenance Providers
helppaneproxy.dll	6.2.10240.16384	Microsoft� Help Proxy
hevcdecoder.dll	6.2.10240.16384	Windows H265 Video Decoder
hgcpl.dll	6.2.10240.16384	HomeGroup Control Panel
hhsetup.dll	6.2.10240.16384	Microsoft� HTML Help
hid.dll	6.2.10240.16384	Hid User Library
hidserv.dll	6.2.10240.16384	Human Interface Device Service
hlink.dll	6.2.10240.16384	Microsoft Office 2000 component
hmkd.dll	6.2.10240.16385	Windows HMAC Key Derivation API
hnetcfg.dll	6.2.10240.16384	Home Networking Configuration Manager
hnetmon.dll	6.2.10240.16384	Home Networking Monitor DLL
hrtfapo.dll
httpapi.dll	6.2.10240.16384	HTTP Protocol Stack API
htui.dll	6.2.10240.16384	Common halftone Color Adjustment Dialogs
ias.dll	6.2.10240.16384	Network Policy Server
iasacct.dll	6.2.10240.16384	NPS Accounting Provider
iasads.dll	6.2.10240.16384	NPS Active Directory Data Store
iasdatastore.dll	6.2.10240.16384	NPS Datastore server
iashlpr.dll	6.2.10240.16384	NPS Surrogate Component
iasmigplugin.dll	6.2.10240.16384	NPS Migration DLL
iasnap.dll	6.2.10240.16384	NPS NAP Provider
iaspolcy.dll	6.2.10240.16384	NPS Pipeline
iasrad.dll	6.2.10240.16384	NPS RADIUS Protocol Component
iasrecst.dll	6.2.10240.16384	NPS XML Datastore Access
iassam.dll	6.2.10240.16384	NPS NT SAM Provider
iassdo.dll	6.2.10240.16384	NPS SDO Component
iassvcs.dll	6.2.10240.16384	NPS Services Component
iccvid.dll	1.10.0.12	Cinepak� Codec
icm32.dll	6.2.10240.16384	Microsoft Color Management Module (CMM)
icmp.dll	6.2.10240.16384	ICMP DLL
icmui.dll	6.2.10240.16384	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	6.2.10240.16384	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	6.2.10240.16384	Internet Gateway Device properties
idctrls.dll	6.2.10240.16384	Identity Controls
idndl.dll	6.2.10240.16384	Downlevel DLL
idstore.dll	6.2.10240.16384	Identity Store
ieadvpack.dll	11.0.10240.16384	ADVPACK
ieapfltr.dll	11.0.10240.16384	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.10240.16384	IEAK branding
ieetwproxystub.dll	11.0.10240.16384	IE ETW Collector Proxy Stub Resources
ieframe.dll	11.0.10240.16425	Internet Browser
iepeers.dll	11.0.10240.16384	Internet Explorer Peer Objects
ieproxy.dll	11.0.10240.16386	IE ActiveX Interface Marshaling Library
iernonce.dll	11.0.10240.16384	Extended RunOnce processing with UI
iertutil.dll	11.0.10240.16431	Run time utility for Internet Explorer
iesetup.dll	11.0.10240.16384	IOD Version Map
iesysprep.dll	11.0.10240.16384	IE Sysprep Provider
ieui.dll	11.0.10240.16384	Internet Explorer UI Engine
ifmon.dll	6.2.10240.16384	IF Monitor DLL
ifsutil.dll	6.2.10240.16384	IFS Utility DLL
ifsutilx.dll	6.2.10240.16384	IFS Utility Extension DLL
ig8icd32.dll	10.18.15.4256	OpenGL(R) Driver for Intel(R) Graphics Accelerator
igc32.dll	10.18.15.4256	Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator
igd10idpp32.dll	10.18.15.4256	User Mode DPP Driver for Intel(R) Graphics Technology
igd10iumd32.dll	10.18.15.4256	User Mode Driver for Intel(R) Graphics Technology
igd11dxva32.dll	10.18.15.4256	User Mode Driver for Intel(R) Graphics Technology
igd12umd32.dll	10.18.15.4256	User Mode Driver for Intel(R) Graphics Technology
igdail32.dll	10.18.15.4256	Application Settings for Intel(R) Graphics Technology
igdbcl32.dll	10.18.15.4256	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdde32.dll	10.18.15.4256	User Mode Driver for Intel(R) Graphics Technology
igdfcl32.dll	10.18.15.4256	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdmcl32.dll	10.18.15.4256	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdmd32.dll	10.18.15.4256	Metrics Discovery API for Intel(R) Graphics Accelerator
igdrcl32.dll	10.18.15.4256	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdumdim32.dll	10.18.15.4256	User Mode Driver for Intel(R) Graphics Technology
igdusc32.dll	10.18.15.4256	Unified Shader Compiler for Intel(R) Graphics Accelerator
igfx11cmrt32.dll	5.0.0.1084	MDF(CM) Runtime DX11 Dynamic Link Library
igfxcmjit32.dll	5.0.0.1084	MDF(CM) JIT Dynamic Link Library
igfxcmrt32.dll	5.0.0.1084	MDF(CM) Runtime Dynamic Link Library
igfxexps32.dll	6.15.10.4256	igfxext Module
iglhcp32.dll	3.0.1.26	iglhcp32 Dynamic Link Library
iglhsip32.dll	9.0.30.9000	iglhsip32 Dynamic Link Library
imagehlp.dll	6.2.10240.16384	Windows NT Image Helper
imageres.dll	6.2.10240.16384	Windows Image Resource
imagesp1.dll	6.2.10240.16384	Windows SP1 Image Resource
imapi.dll	6.2.10240.16384	Image Mastering API
imapi2.dll	6.2.10240.16384	Image Mastering API v2
imapi2fs.dll	6.2.10240.16384	Image Mastering File System Imaging API v2
imgutil.dll	11.0.10240.16384	IE plugin image decoder support DLL
imm32.dll	6.2.10240.16384	Multi-User Windows IMM32 API Client DLL
inetcomm.dll	6.2.10240.16384	Microsoft Internet Messaging API Resources
inetmib1.dll	6.2.10240.16384	Microsoft MIB-II subagent
inetres.dll	6.2.10240.16384	Microsoft Internet Messaging API Resources
inkanalysis.dll	6.2.10240.16384	InkAnalysis DLL
inked.dll	6.2.10240.16384	Microsoft Tablet PC InkEdit Control
inkobjcore.dll	6.2.10240.16384	Microsoft Tablet PC Ink Platform Component
input.dll	6.2.10240.16384	InputSetting DLL
inputinjectionbroker.dll	6.2.10240.16384	Broker for WinRT input injection.
inputlocalemanager.dll
inputservice.dll
inputswitch.dll	6.2.10240.16384	Microsoft Windows Input Switcher
inseng.dll	11.0.10240.16384	Install engine
intel_opencl_icd32.dll	2.0.2.0	OpenCL Client DLL
intelcameraplugin.dll	1.0.0.1	Intel(R) Camera MFT
intelopencl32.dll	10.18.15.4256	Intel(R) OpenCL(TM) Common Runtime Driver
intelsocyuvcopy.dll	1.0.0.1	Intel(R) SoC YUV Copy Filter
iologmsg.dll	6.2.10240.16384	IO Logging DLL
iotassignedaccesslockframework.dll	6.2.10240.16384	Windows Runtime Assigned Access Management DLL
ipeloggingdictationhelper.dll	1.0.0.1	IPE Logging Library Helper
iphlpapi.dll	6.2.10240.16384	IP Helper API
iprop.dll	6.2.10240.16384	OLE PropertySet Implementation
iprtprio.dll	6.2.10240.16384	IP Routing Protocol Priority DLL
iprtrmgr.dll	6.2.10240.16384	IP Router Manager
ipsecsnp.dll	6.2.10240.16384	IP Security Policy Management Snap-in
ipsmsnap.dll	6.2.10240.16384	IP Security Monitor Snap-in
ir32_32.dll	6.2.10240.16384	IR32_32 WRAPPER DLL
ir32_32original.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll	4.51.16.3	Intel Indeo� Video 4.5
ir41_qc.dll	6.2.10240.16384	IR41_QC WRAPPER DLL
ir41_qcoriginal.dll	4.30.62.2	Intel Indeo� Video Interactive Quick Compressor
ir41_qcx.dll	6.2.10240.16384	IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll	4.30.64.1	Intel Indeo� Video Interactive Quick Compressor
ir50_32.dll	6.2.10240.16384	IR50_32 WRAPPER DLL
ir50_32original.dll	5.2562.15.55	Intel Indeo� video 5.10
ir50_qc.dll	6.2.10240.16384	IR50_QC WRAPPER DLL
ir50_qcoriginal.dll	5.0.63.48	Intel Indeo� video 5.10 Quick Compressor
ir50_qcx.dll	6.2.10240.16384	IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll	5.0.64.48	Intel Indeo� video 5.10 Quick Compressor
irclass.dll	6.2.10240.16384	Infrared Class Coinstaller
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	6.2.10240.16384	iSCSI Discovery api
iscsied.dll	6.2.10240.16384	iSCSI Extension DLL
iscsium.dll	6.2.10240.16384	iSCSI Discovery api
iscsiwmi.dll	6.2.10240.16384	MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll	6.2.10240.16384	WMI Provider for iSCSI
itircl.dll	6.2.10240.16384	Microsoft� InfoTech IR Local DLL
itss.dll	6.2.10240.16384	Microsoft� InfoTech Storage System Library
iuseventlog.dll	1.42.17.0	Intel(R) TCS Event Log messages definitions
iyuv_32.dll	6.2.10240.16384	Intel Indeo(R) Video YUV Codec
javascriptcollectionagent.dll	11.0.10240.16384	JavaScript Performance Collection Agent
joinproviderol.dll	6.2.10240.16384	Online Join Provider DLL
joinutil.dll	6.2.10240.16384	Join Utility DLL
jpmapcontrol.dll	6.2.10240.16384	Jupiter Map Control
jscript.dll	5.812.10240.16384	Microsoft � JScript
jscript9.dll	11.0.10240.16386	Microsoft � JScript
jscript9diag.dll	11.0.10240.16384	Microsoft � JScript Diagnostics
jsproxy.dll	11.0.10240.16384	JScript Proxy Auto-Configuration
kbd101.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 101
kbd101a.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 103
kbd106.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 106
kbd106n.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 106
kbda1.dll	6.2.10240.16384	Arabic_English_101 Keyboard Layout
kbda2.dll	6.2.10240.16384	Arabic_2 Keyboard Layout
kbda3.dll	6.2.10240.16384	Arabic_French_102 Keyboard Layout
kbdal.dll	6.2.10240.16384	Albania Keyboard Layout
kbdarme.dll	6.2.10240.16384	Eastern Armenian Keyboard Layout
kbdarmph.dll	6.2.10240.16384	Armenian Phonetic Keyboard Layout
kbdarmty.dll	6.2.10240.16384	Armenian Typewriter Keyboard Layout
kbdarmw.dll	6.2.10240.16384	Western Armenian Keyboard Layout
kbdax2.dll	6.2.10240.16384	JP Japanese Keyboard Layout for AX2
kbdaze.dll	6.2.10240.16384	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	6.2.10240.16384	Azeri-Latin Keyboard Layout
kbdazst.dll	6.2.10240.16384	Azerbaijani (Standard) Keyboard Layout
kbdbash.dll	6.2.10240.16384	Bashkir Keyboard Layout
kbdbe.dll	6.2.10240.16384	Belgian Keyboard Layout
kbdbene.dll	6.2.10240.16384	Belgian Dutch Keyboard Layout
kbdbgph.dll	6.2.10240.16384	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	6.2.10240.16384	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	6.2.10240.16384	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	6.2.10240.16384	Belarusian Keyboard Layout
kbdbr.dll	6.2.10240.16384	Brazilian Keyboard Layout
kbdbu.dll	6.2.10240.16384	Bulgarian (Typewriter) Keyboard Layout
kbdbug.dll	6.2.10240.16384	Buginese Keyboard Layout
kbdbulg.dll	6.2.10240.16384	Bulgarian Keyboard Layout
kbdca.dll	6.2.10240.16384	Canadian Multilingual Keyboard Layout
kbdcan.dll	6.2.10240.16384	Canadian Multilingual Standard Keyboard Layout
kbdcher.dll	6.2.10240.16384	Cherokee Nation Keyboard Layout
kbdcherp.dll	6.2.10240.16384	Cherokee Phonetic Keyboard Layout
kbdcr.dll	6.2.10240.16384	Croatian/Slovenian Keyboard Layout
kbdcz.dll	6.2.10240.16384	Czech Keyboard Layout
kbdcz1.dll	6.2.10240.16384	Czech_101 Keyboard Layout
kbdcz2.dll	6.2.10240.16384	Czech_Programmer's Keyboard Layout
kbdda.dll	6.2.10240.16384	Danish Keyboard Layout
kbddiv1.dll	6.2.10240.16384	Divehi Phonetic Keyboard Layout
kbddiv2.dll	6.2.10240.16384	Divehi Typewriter Keyboard Layout
kbddv.dll	6.2.10240.16384	Dvorak US English Keyboard Layout
kbddzo.dll	6.2.10240.16384	Dzongkha Keyboard Layout
kbdes.dll	6.2.10240.16384	Spanish Alernate Keyboard Layout
kbdest.dll	6.2.10240.16384	Estonia Keyboard Layout
kbdfa.dll	6.2.10240.16384	Persian Keyboard Layout
kbdfar.dll	6.2.10240.16384	Persian Standard Keyboard Layout
kbdfc.dll	6.2.10240.16384	Canadian French Keyboard Layout
kbdfi.dll	6.2.10240.16384	Finnish Keyboard Layout
kbdfi1.dll	6.2.10240.16384	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	6.2.10240.16384	F�roese Keyboard Layout
kbdfr.dll	6.2.10240.16384	French Keyboard Layout
kbdfthrk.dll	6.2.10240.16384	Futhark Keyboard Layout
kbdgae.dll	6.2.10240.16384	Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll	6.2.10240.16384	Georgian Keyboard Layout
kbdgeoer.dll	6.2.10240.16384	Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll	6.2.10240.16384	Georgian (MES) Keyboard Layout
kbdgeooa.dll	6.2.10240.16384	Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll	6.2.10240.16384	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	6.2.10240.16384	Greek_Latin Keyboard Layout
kbdgn.dll	6.2.10240.16384	Guarani Keyboard Layout
kbdgr.dll	6.2.10240.16384	German Keyboard Layout
kbdgr1.dll	6.2.10240.16384	German_IBM Keyboard Layout
kbdgrlnd.dll	6.2.10240.16384	Greenlandic Keyboard Layout
kbdgthc.dll	6.2.10240.16384	Gothic Keyboard Layout
kbdhau.dll	6.2.10240.16384	Hausa Keyboard Layout
kbdhaw.dll	6.2.10240.16384	Hawaiian Keyboard Layout
kbdhe.dll	6.2.10240.16384	Greek Keyboard Layout
kbdhe220.dll	6.2.10240.16384	Greek IBM 220 Keyboard Layout
kbdhe319.dll	6.2.10240.16384	Greek IBM 319 Keyboard Layout
kbdheb.dll	6.2.10240.16384	KBDHEB Keyboard Layout
kbdhebl3.dll	6.2.10240.16384	Hebrew Standard Keyboard Layout
kbdhela2.dll	6.2.10240.16384	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	6.2.10240.16384	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	6.2.10240.16384	Greek_Polytonic Keyboard Layout
kbdhu.dll	6.2.10240.16384	Hungarian Keyboard Layout
kbdhu1.dll	6.2.10240.16384	Hungarian 101-key Keyboard Layout
kbdibm02.dll	6.2.10240.16384	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	6.2.10240.16384	Igbo Keyboard Layout
kbdic.dll	6.2.10240.16384	Icelandic Keyboard Layout
kbdinasa.dll	6.2.10240.16384	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	6.2.10240.16384	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	6.2.10240.16384	Bengali (Inscript) Keyboard Layout
kbdinben.dll	6.2.10240.16384	Bengali Keyboard Layout
kbdindev.dll	6.2.10240.16384	Devanagari Keyboard Layout
kbdinen.dll	6.2.10240.16384	English (India) Keyboard Layout
kbdinguj.dll	6.2.10240.16384	Gujarati Keyboard Layout
kbdinhin.dll	6.2.10240.16384	Hindi Keyboard Layout
kbdinkan.dll	6.2.10240.16384	Kannada Keyboard Layout
kbdinmal.dll	6.2.10240.16384	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	6.2.10240.16384	Marathi Keyboard Layout
kbdinori.dll	6.2.10240.16384	Odia Keyboard Layout
kbdinpun.dll	6.2.10240.16384	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	6.2.10240.16384	Tamil Keyboard Layout
kbdintel.dll	6.2.10240.16384	Telugu Keyboard Layout
kbdinuk2.dll	6.2.10240.16384	Inuktitut Naqittaut Keyboard Layout
kbdir.dll	6.2.10240.16384	Irish Keyboard Layout
kbdit.dll	6.2.10240.16384	Italian Keyboard Layout
kbdit142.dll	6.2.10240.16384	Italian 142 Keyboard Layout
kbdiulat.dll	6.2.10240.16384	Inuktitut Latin Keyboard Layout
kbdjav.dll	6.2.10240.16384	Javanese Keyboard Layout
kbdjpn.dll	6.2.10240.16384	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	6.2.10240.16384	Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll	6.2.10240.16384	Cambodian Standard Keyboard Layout
kbdkni.dll	6.2.10240.16384	Khmer (NIDA) Keyboard Layout
kbdkor.dll	6.2.10240.16384	KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll	6.2.10240.16384	Central Kurdish Keyboard Layout
kbdkyr.dll	6.2.10240.16384	Kyrgyz Keyboard Layout
kbdla.dll	6.2.10240.16384	Latin-American Spanish Keyboard Layout
kbdlao.dll	6.2.10240.16384	Lao Standard Keyboard Layout
kbdlisub.dll	6.2.10240.16384	Lisu Basic Keyboard Layout
kbdlisus.dll	6.2.10240.16384	Lisu Standard Keyboard Layout
kbdlk41a.dll	6.2.10240.16384	DEC LK411-AJ Keyboard Layout
kbdlt.dll	6.2.10240.16384	Lithuania Keyboard Layout
kbdlt1.dll	6.2.10240.16384	Lithuanian Keyboard Layout
kbdlt2.dll	6.2.10240.16384	Lithuanian Standard Keyboard Layout
kbdlv.dll	6.2.10240.16384	Latvia Keyboard Layout
kbdlv1.dll	6.2.10240.16384	Latvia-QWERTY Keyboard Layout
kbdlvst.dll	6.2.10240.16384	Latvian (Standard) Keyboard Layout
kbdmac.dll	6.2.10240.16384	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	6.2.10240.16384	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	6.2.10240.16384	Maori Keyboard Layout
kbdmlt47.dll	6.2.10240.16384	Maltese 47-key Keyboard Layout
kbdmlt48.dll	6.2.10240.16384	Maltese 48-key Keyboard Layout
kbdmon.dll	6.2.10240.16384	Mongolian Keyboard Layout
kbdmonmo.dll	6.2.10240.16384	Mongolian (Mongolian Script) Keyboard Layout
kbdmonst.dll	6.2.10240.16384	Traditional Mongolian (Standard) Keyboard Layout
kbdmyan.dll	6.2.10240.16384	Myanmar Keyboard Layout
kbdne.dll	6.2.10240.16384	Dutch Keyboard Layout
kbdnec.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	6.2.10240.16384	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	6.2.10240.16384	Nepali Keyboard Layout
kbdnko.dll	6.2.10240.16384	N'Ko Keyboard Layout
kbdno.dll	6.2.10240.16384	Norwegian Keyboard Layout
kbdno1.dll	6.2.10240.16384	Norwegian with Sami Keyboard Layout
kbdnso.dll	6.2.10240.16384	Sesotho sa Leboa Keyboard Layout
kbdntl.dll	6.2.10240.16384	New Tai Leu Keyboard Layout
kbdogham.dll	6.2.10240.16384	Ogham Keyboard Layout
kbdolch.dll	6.2.10240.16384	Ol Chiki Keyboard Layout
kbdoldit.dll	6.2.10240.16384	Old Italic Keyboard Layout
kbdosm.dll	6.2.10240.16384	Osmanya Keyboard Layout
kbdpash.dll	6.2.10240.16384	Pashto (Afghanistan) Keyboard Layout
kbdphags.dll	6.2.10240.16384	Phags-pa Keyboard Layout
kbdpl.dll	6.2.10240.16384	Polish Keyboard Layout
kbdpl1.dll	6.2.10240.16384	Polish Programmer's Keyboard Layout
kbdpo.dll	6.2.10240.16384	Portuguese Keyboard Layout
kbdro.dll	6.2.10240.16384	Romanian (Legacy) Keyboard Layout
kbdropr.dll	6.2.10240.16384	Romanian (Programmers) Keyboard Layout
kbdrost.dll	6.2.10240.16384	Romanian (Standard) Keyboard Layout
kbdru.dll	6.2.10240.16384	Russian Keyboard Layout
kbdru1.dll	6.2.10240.16384	Russia(Typewriter) Keyboard Layout
kbdrum.dll	6.2.10240.16384	Russian - Mnemonic Keyboard Layout
kbdsf.dll	6.2.10240.16384	Swiss French Keyboard Layout
kbdsg.dll	6.2.10240.16384	Swiss German Keyboard Layout
kbdsl.dll	6.2.10240.16384	Slovak Keyboard Layout
kbdsl1.dll	6.2.10240.16384	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	6.2.10240.16384	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	6.2.10240.16384	Sami Extended Norway Keyboard Layout
kbdsn1.dll	6.2.10240.16384	Sinhala Keyboard Layout
kbdsora.dll	6.2.10240.16384	Sora Keyboard Layout
kbdsorex.dll	6.2.10240.16384	Sorbian Extended Keyboard Layout
kbdsors1.dll	6.2.10240.16384	Sorbian Standard Keyboard Layout
kbdsorst.dll	6.2.10240.16384	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	6.2.10240.16384	Spanish Keyboard Layout
kbdsw.dll	6.2.10240.16384	Swedish Keyboard Layout
kbdsw09.dll	6.2.10240.16384	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	6.2.10240.16384	Syriac Standard Keyboard Layout
kbdsyr2.dll	6.2.10240.16384	Syriac Phoenetic Keyboard Layout
kbdtaile.dll	6.2.10240.16384	Tai Le Keyboard Layout
kbdtajik.dll	6.2.10240.16384	Tajik Keyboard Layout
kbdtat.dll	6.2.10240.16384	Tatar (Legacy) Keyboard Layout
kbdth0.dll	6.2.10240.16384	Thai Kedmanee Keyboard Layout
kbdth1.dll	6.2.10240.16384	Thai Pattachote Keyboard Layout
kbdth2.dll	6.2.10240.16384	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	6.2.10240.16384	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtifi.dll	6.2.10240.16384	Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll	6.2.10240.16384	Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll	6.2.10240.16384	Tibetan (PRC) Keyboard Layout
kbdtiprd.dll	6.2.10240.16384	Tibetan (PRC) - Updated Keyboard Layout
kbdtt102.dll	6.2.10240.16384	Tatar Keyboard Layout
kbdtuf.dll	6.2.10240.16384	Turkish F Keyboard Layout
kbdtuq.dll	6.2.10240.16384	Turkish Q Keyboard Layout
kbdturme.dll	6.2.10240.16384	Turkmen Keyboard Layout
kbdtzm.dll	6.2.10240.16384	Central Atlas Tamazight Keyboard Layout
kbdughr.dll	6.2.10240.16384	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	6.2.10240.16384	Uyghur Keyboard Layout
kbduk.dll	6.2.10240.16384	United Kingdom Keyboard Layout
kbdukx.dll	6.2.10240.16384	United Kingdom Extended Keyboard Layout
kbdur.dll	6.2.10240.16384	Ukrainian Keyboard Layout
kbdur1.dll	6.2.10240.16384	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	6.2.10240.16384	Urdu Keyboard Layout
kbdus.dll	6.2.10240.16384	United States Keyboard Layout
kbdusa.dll	6.2.10240.16384	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	6.2.10240.16384	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	6.2.10240.16384	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	6.2.10240.16384	US Multinational Keyboard Layout
kbduzb.dll	6.2.10240.16384	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	6.2.10240.16384	Vietnamese Keyboard Layout
kbdwol.dll	6.2.10240.16384	Wolof Keyboard Layout
kbdyak.dll	6.2.10240.16384	Sakha - Russia Keyboard Layout
kbdyba.dll	6.2.10240.16384	Yoruba Keyboard Layout
kbdycc.dll	6.2.10240.16384	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	6.2.10240.16384	Serbian (Latin) Keyboard Layout
kerbclientshared.dll	6.2.10240.16384	Kerberos Client Shared Functionality
kerberos.dll	6.2.10240.16384	Kerberos Security Package
kernel.appcore.dll	6.2.10240.16384	AppModel API Host
kernel32.dll	6.2.10240.16384	Windows NT BASE API Client DLL
kernelbase.dll	6.2.10240.16384	Windows NT BASE API Client DLL
keyiso.dll	6.2.10240.16384	CNG Key Isolation Service
keymgr.dll	6.2.10240.16384	Stored User Names and Passwords
ksuser.dll	6.2.10240.16384	User CSA Library
ktmw32.dll	6.2.10240.16384	Windows KTM Win32 Client DLL
l2gpstore.dll	6.2.10240.16384	Policy Storage dll
l2nacp.dll	6.2.10240.16384	Windows Onex Credential Provider
l2sechc.dll	6.2.10240.16384	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.10240.16384	Windows Media Logagent Proxy
lfsvc.dll	6.2.10240.16384	Geolocation Service
libia_cp.dll
licensemanager.dll	6.2.10240.16412	LicenseManager
licmgr10.dll	11.0.10240.16384	Microsoft� License Manager DLL
linkinfo.dll	6.2.10240.16384	Windows Volume Tracking
loadperf.dll	6.2.10240.16384	Load & Unload Performance Counters
localsec.dll	6.2.10240.16384	Local Users and Groups MMC Snapin
locationapi.dll	6.2.10240.16384	Microsoft Windows Location API
locationframework.dll	6.2.10240.16384	Windows Geolocation Framework
locationframeworkinternalps.dll	6.2.10240.16384	Windows Geolocation Framework Internal PS
locationframeworkps.dll	6.2.10240.16384	Windows Geolocation Framework PS
lockappbroker.dll	6.2.10240.16425	Windows Lock App Broker DLL
loghours.dll	6.2.10240.16384	Schedule Dialog
logoncli.dll	6.2.10240.16384	Net Logon Client DLL
logoncontroller.dll	6.2.10240.16425	Logon UX Controller
lpk.dll	6.2.10240.16384	Language Pack
lsmproxy.dll	6.2.10240.16384	LSM interfaces proxy Dll
luainstall.dll	6.2.10240.16384	Lua manifest install
lz32.dll	6.2.10240.16384	LZ Expand/Compress API DLL
magnification.dll	6.2.10240.16384	Microsoft Magnification API
mapconfiguration.dll	6.2.10240.16392	MapConfiguration
mapcontrolcore.dll	6.2.10240.16384	Map Control Core
mapcontrolstringsres.dll	6.2.10240.16384	Map control resource strings
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapsbtsvc.dll	6.2.10240.16384	Maps Background Transfer Service
mbaeapi.dll	6.2.10240.16431	Mobile Broadband Account Experience API
mbaeapipublic.dll	6.2.10240.16431	Mobile Broadband Account API
mbsmsapi.dll	6.2.10240.16384	Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll	6.2.10240.16384	Microsoft Windows Mobile Broadband USSD API
mcewmdrmndbootstrap.dll	1.3.2310.10	Windows� Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll	6.2.10240.16384	Video For Windows MCI driver
mcicda.dll	6.2.10240.16384	MCI driver for cdaudio devices
mciqtz32.dll	6.2.10240.16384	DirectShow MCI Driver
mciseq.dll	6.2.10240.16384	MCI driver for MIDI sequencer
mciwave.dll	6.2.10240.16384	MCI driver for waveform audio
mcrecvsrc.dll	12.0.10240.16385	Miracast Media Foundation Source DLL
mdminst.dll	6.2.10240.16384	Modem Class Installer
mdmregistration.dll	6.2.10240.16384	MDM Registration DLL
messagingdatamodel2.dll	6.2.10240.16394	MessagingDataModel2
mf.dll	12.0.10240.16384	Media Foundation DLL
mf3216.dll	6.2.10240.16384	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	6.2.10240.16384	Media Foundation AAC Encoder
mfasfsrcsnk.dll	12.0.10240.16384	Media Foundation ASF Source and Sink DLL
mfc100.dll	10.0.40219.1	MFCDLL Shared Library - Retail Version
mfc100u.dll	10.0.40219.1	MFCDLL Shared Library - Retail Version
mfc40.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfc42u.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfcaptureengine.dll	12.0.10240.16384	Media Foundation CaptureEngine DLL
mfcm100.dll	10.0.40219.1	MFC Managed Library - Retail Version
mfcm100u.dll	10.0.40219.1	MFC Managed Library - Retail Version
mfcore.dll	12.0.10240.16431	Media Foundation Core DLL
mfcsubs.dll	2001.12.10941.16384	COM+
mfds.dll	12.0.10240.16384	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	6.2.10240.16384	Media Foundation DV Decoder
mferror.dll	12.0.10240.16384	Media Foundation Error DLL
mfh263enc.dll	6.2.10240.16384	Media Foundation h263 Encoder
mfh264enc.dll	6.2.10240.16384	Media Foundation H264 Encoder
mfh265enc.dll	6.2.10240.16384	Media Foundation H265 Encoder
mfmediaengine.dll	6.2.10240.16431	Media Foundation Media Engine DLL
mfmjpegdec.dll	6.2.10240.16384	Media Foundation MJPEG Decoder
mfmkvsrcsnk.dll	6.2.10240.16412	Media Foundation MKV Media Source and Sink DLL
mfmp4srcsnk.dll	12.0.10240.16412	Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll	12.0.10240.16412	Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll	12.0.10240.16384	Media Foundation Net Core DLL
mfnetsrc.dll	12.0.10240.16384	Media Foundation Net Source DLL
mfperfhelper.dll	12.0.10240.16384	MFPerf DLL
mfplat.dll	12.0.10240.16431	Media Foundation Platform DLL
mfplay.dll	12.0.10240.16412	Media Foundation Playback API DLL
mfps.dll	12.0.10240.16384	Media Foundation Proxy DLL
mfreadwrite.dll	12.0.10240.16384	Media Foundation ReadWrite DLL
mfsrcsnk.dll	12.0.10240.16412	Media Foundation Source and Sink DLL
mfsvr.dll	6.2.10240.16427	Media Foundation Simple Video Renderer DLL
mftranscode.dll	12.0.10240.16384	Media Foundation Transcode DLL
mfvdsp.dll	6.2.10240.16384	Windows Media Foundation Video DSP Components
mfwmaaec.dll	6.2.10240.16384	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	6.2.10240.16384	Microsoft SNMP Manager API (uses WinSNMP)
mi.dll	6.2.10240.16384	Management Infrastructure
mibincodec.dll	6.2.10240.16384	Management Infrastructure binary codec component
microsoft.management.infrastructure.native.unmanaged.dll	6.2.10240.16384	Microsoft.Management.Infrastructure.Native.Unmanaged.dll
microsoftaccountextension.dll	6.2.10240.16384	Microsoft Account Extension DLL
microsoftaccounttokenprovider.dll	6.2.10240.16384	Microsoft� Account Token Provider
microsoft-windows-mapcontrols.dll	6.2.10240.16384	Map Event Resources
microsoft-windows-moshost.dll	6.2.10240.16384	MosHost Event Resources
microsoft-windows-mostrace.dll	6.2.10240.16384	MOS Event Resources
midimap.dll	6.2.10240.16384	Microsoft MIDI Mapper
migisol.dll	6.2.10240.16384	Migration System Isolation Layer
miguiresource.dll	6.2.10240.16384	MIG wini32 resources
mimefilt.dll	2008.0.10240.16384	MIME Filter
mimofcodec.dll	6.2.10240.16384	Management Infrastructure mof codec component
minstoreevents.dll	6.2.10240.16384	Minstore Event Resource
miracastreceiver.dll	12.0.10240.16384	Miracast Receiver API
mirrordrvcompat.dll	6.2.10240.16384	Mirror Driver Compatibility Helper
mispace.dll	6.2.10240.16384	Storage Management Provider for Spaces
miutils.dll	6.2.10240.16384	Management Infrastructure
mlang.dll	6.2.10240.16384	Multi Language Support DLL
mmcbase.dll	6.2.10240.16384	MMC Base DLL
mmci.dll	6.2.10240.16384	Media class installer
mmcico.dll	6.2.10240.16384	Media class co-installer
mmcndmgr.dll	6.2.10240.16384	MMC Node Manager DLL
mmcshext.dll	6.2.10240.16384	MMC Shell Extension DLL
mmdevapi.dll	6.2.10240.16384	MMDevice API
mmres.dll	6.2.10240.16384	General Audio Resources
modemui.dll	6.2.10240.16384	Windows Modem Properties
moricons.dll	6.2.10240.16384	Windows NT Setup Icon Resources Library
mos.dll	6.2.10240.16392	mos
moshostclient.dll	6.2.10240.16384	MosHostClient
mp3dmod.dll	6.2.10240.16384	Microsoft MP3 Decoder DMO
mp43decd.dll	6.2.10240.16384	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	6.2.10240.16384	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	6.2.10240.16384	Windows Media MPEG-4 Video Decoder
mpr.dll	6.2.10240.16384	Multiple Provider Router DLL
mprapi.dll	6.2.10240.16384	Windows NT MP Router Administration DLL
mprddm.dll	6.2.10240.16384	Demand Dial Manager Supervisor
mprdim.dll	6.2.10240.16384	Dynamic Interface Manager
mprext.dll	6.2.10240.16384	Multiple Provider Router Extension DLL
mprmsg.dll	6.2.10240.16384	Multi-Protocol Router Service Messages DLL
mrmcorer.dll	6.2.10240.16385	Microsoft Windows MRM
mrmindexer.dll	6.2.10240.16384	Microsoft Windows MRM
mrt_map.dll	1.0.22929.0	Microsoft .NET Native Error Reporting Helper
mrt100.dll	1.0.22929.0	Microsoft .NET Native Runtime
ms3dthumbnailprovider.dll	6.2.10240.16384	3MF Metadata Handler
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	6.2.10240.16384	Microsoft AC-3 Encoder
msacm32.dll	6.2.10240.16384	Microsoft ACM Audio Filter
msadce.dll	6.2.10240.16384	OLE DB Cursor Engine
msadcer.dll	6.2.10240.16384	OLE DB Cursor Engine Resources
msadco.dll	6.2.10240.16384	Remote Data Services Data Control
msadcor.dll	6.2.10240.16384	Remote Data Services Data Control Resources
msadds.dll	6.2.10240.16384	OLE DB Data Shape Provider
msaddsr.dll	6.2.10240.16384	OLE DB Data Shape Provider Resources
msader15.dll	6.2.10240.16384	ActiveX Data Objects Resources
msado15.dll	6.2.10240.16384	ActiveX Data Objects
msadomd.dll	6.2.10240.16384	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	6.2.10240.16384	Microsoft ActiveX Data Objects Recordset
msadox.dll	6.2.10240.16384	ActiveX Data Objects Extensions
msadrh15.dll	6.2.10240.16384	ActiveX Data Objects Rowset Helper
msafd.dll	6.2.10240.16384	Microsoft Windows Sockets 2.0 Service Provider
msajapi.dll	6.2.10240.16384	AllJoyn API Library
msalacdecoder.dll	6.2.10240.16384	Media Foundation ALAC Decoder
msalacencoder.dll	6.2.10240.16384	Media Foundation ALAC Encoder
msamrnbdecoder.dll	6.2.10240.16384	AMR Narrowband Decoder DLL
msamrnbencoder.dll	6.2.10240.16384	AMR Narrowband Encoder DLL
msamrnbsink.dll	6.2.10240.16384	AMR Narrowband Sink DLL
msamrnbsource.dll	6.2.10240.16384	AMR Narrowband Source DLL
msasn1.dll	6.2.10240.16384	ASN.1 Runtime APIs
msauddecmft.dll	6.2.10240.16384	Media Foundation Audio Decoders
msaudite.dll	6.2.10240.16384	Security Audit Events DLL
msauserext.dll	6.2.10240.16384	MSA USER Extension DLL
mscandui.dll	6.2.10240.16384	MSCANDUI Server DLL
mscat32.dll	6.2.10240.16384	MSCAT32 Forwarder DLL
msclmd.dll	10.0.10240.16384	Microsoft Class Mini-driver
mscms.dll	6.2.10240.16384	Microsoft Color Matching System DLL
mscoree.dll	6.2.10240.16384	Microsoft .NET Runtime Execution Engine
mscorier.dll	6.2.10240.16384	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.8662	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	6.2.10240.16384	ODBC Code Page Translator Resources
mscpxl32.dll	6.2.10240.16384	ODBC Code Page Translator
msctf.dll	6.2.10240.16384	MSCTF Server DLL
msctfmonitor.dll	6.2.10240.16384	MsCtfMonitor DLL
msctfp.dll	6.2.10240.16384	MSCTFP Server DLL
msctfui.dll	6.2.10240.16384	MSCTFUI Server DLL
msctfuimanager.dll	6.2.10240.16425	Microsoft UIManager DLL
msdadc.dll	6.2.10240.16384	OLE DB Data Conversion Stub
msdadiag.dll	6.2.10240.16384	Built-In Diagnostics
msdaenum.dll	6.2.10240.16384	OLE DB Root Enumerator Stub
msdaer.dll	6.2.10240.16384	OLE DB Error Collection Stub
msdaora.dll	6.2.10240.16384	OLE DB Provider for Oracle
msdaorar.dll	6.2.10240.16384	OLE DB Provider for Oracle Resources
msdaosp.dll	6.2.10240.16384	OLE DB Simple Provider
msdaprsr.dll	6.2.10240.16384	OLE DB Persistence Services Resources
msdaprst.dll	6.2.10240.16384	OLE DB Persistence Services
msdaps.dll	6.2.10240.16384	OLE DB Interface Proxies/Stubs
msdarem.dll	6.2.10240.16384	OLE DB Remote Provider
msdaremr.dll	6.2.10240.16384	OLE DB Remote Provider Resources
msdart.dll	6.2.10240.16384	OLE DB Runtime Routines
msdasc.dll	6.2.10240.16384	OLE DB Service Components Stub
msdasql.dll	6.2.10240.16384	OLE DB Provider for ODBC Drivers
msdasqlr.dll	6.2.10240.16384	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	6.2.10240.16384	OLE DB Implementation Support Routines
msdatt.dll	6.2.10240.16384	OLE DB Temporary Table Services
msdaurl.dll	6.2.10240.16384	OLE DB RootBinder Stub
msdelta.dll	6.2.10240.16384	Microsoft Patch Engine
msdfmap.dll	6.2.10240.16384	Data Factory Handler
msdmo.dll	6.2.10240.16384	DMO Runtime
msdrm.dll	6.2.10240.16384	Windows Rights Management client
msdtcprx.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msfeeds.dll	11.0.10240.16384	Microsoft Feeds Manager
msfeedsbs.dll	11.0.10240.16384	Microsoft Feeds Background Sync
msflacdecoder.dll	6.2.10240.16384	Media Foundation FLAC Decoder
msflacencoder.dll	6.2.10240.16384	Media Foundation FLAC Encoder
msftedit.dll	6.2.10240.16386	Rich Text Edit Control, v7.5
mshtml.dll	11.0.10240.16445	Microsoft (R) HTML Viewer
mshtmldac.dll	11.0.10240.16384	DAC for Trident DOM
mshtmled.dll	11.0.10240.16384	Microsoft� HTML Editing Component
mshtmler.dll	11.0.10240.16384	Microsoft� HTML Editing Component's Resource DLL
msi.dll	5.0.10240.16386	Windows Installer
msidcrl40.dll	6.2.10240.16384	Microsoft� Account Dynamic Link Library
msident.dll	6.2.10240.16384	Microsoft Identity Manager
msidle.dll	6.2.10240.16384	User Idle Monitor
msidntld.dll	6.2.10240.16384	Microsoft Identity Manager
msieftp.dll	6.2.10240.16384	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.10240.16384	Windows� installer
msiltcfg.dll	5.0.10240.16384	Windows Installer Configuration API Stub
msimg32.dll	6.2.10240.16384	GDIEXT Client DLL
msimsg.dll	5.0.10240.16384	Windows� Installer International Messages
msimtf.dll	6.2.10240.16384	Active IMM Server DLL
msisip.dll	5.0.10240.16384	MSI Signature SIP Provider
msiwer.dll	5.0.10240.16384	MSI Windows Error Reporting
msjet40.dll	4.0.9765.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9765.0	Microsoft Jet Database Engine International DLL
msjro.dll	6.2.10240.16384	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
mskeyprotcli.dll	6.2.10240.16384	Windows Client Key Protection Provider
mskeyprotect.dll	6.2.10240.16384	Microsoft Key Protection Provider
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
msmpeg2adec.dll	12.0.10133.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	12.0.10240.16384	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	12.0.10133.0	Microsoft DTV-DVD Video Decoder
msnetobj.dll	11.0.10240.16384	DRM ActiveX Network Object
msobjs.dll	6.2.10240.16384	System object audit names
msoeacct.dll	6.2.10240.16384	Microsoft Internet Account Manager
msoert2.dll	6.2.10240.16384	Microsoft Windows Mail RT Lib
msorc32r.dll	6.2.10240.16384	ODBC Driver for Oracle Resources
msorcl32.dll	6.2.10240.16384	ODBC Driver for Oracle
mspatcha.dll	6.2.10240.16384	Microsoft File Patch Application API
mspatchc.dll	6.2.10240.16384	Microsoft Patch Creation Engine
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msphotography.dll	6.2.10240.16384	MS Photography DLL
msports.dll	6.2.10240.16384	Ports Class Installer
msrating.dll	11.0.10240.16384	Internet Ratings and Local User Management DLL
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	6.2.10240.16384	Remote Differential Compression COM server
msrdpwebaccess.dll	6.2.10240.16384	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	6.2.10240.16384	Microsoft RLE Compressor
msscntrs.dll	7.0.10240.16384	PKM Perfmon Counter DLL
msscp.dll	11.0.10240.16384	Windows Media Secure Content Provider
msshooks.dll	7.0.10240.16384	Microsoft Search Hooks
mssign32.dll	6.2.10240.16384	Microsoft Trust Signing APIs
mssip32.dll	6.2.10240.16384	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.10240.16384	mssitlb
msspellcheckingfacility.dll	6.2.10240.16384	Microsoft Spell Checking Facility
mssph.dll	7.0.10240.16384	Microsoft Search Protocol Handler
mssphtb.dll	7.0.10240.16384	Outlook MSSearch Connector
mssprxy.dll	7.0.10240.16384	Microsoft Search Proxy
mssrch.dll	7.0.10240.16431	Microsoft Embedded Search
mssvp.dll	7.0.10240.16384	MSSearch Vista Platform
mstask.dll	6.2.10240.16384	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstscax.dll	6.2.10240.16384	Remote Desktop Services ActiveX Client
msutb.dll	6.2.10240.16384	MSUTB Server DLL
msv1_0.dll	6.2.10240.16384	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.10240.16384	Windows NT IOStreams DLL
msvcp_win.dll	6.2.10240.16384	Microsoft� C Runtime Library
msvcp100.dll	10.0.40219.1	Microsoft� C Runtime Library
msvcp110.dll	11.0.50727.1	Microsoft� C Runtime Library
msvcp110_win.dll	6.2.10240.16384	Microsoft� STL110 C++ Runtime Library
msvcp120.dll	12.0.21005.1	Microsoft� C Runtime Library
msvcp120_clr0400.dll	12.0.52512.0	Microsoft� C Runtime Library
msvcp60.dll	7.0.10240.16384	Windows NT C++ Runtime Library DLL
msvcr100.dll	10.0.40219.1	Microsoft� C Runtime Library
msvcr100_clr0400.dll	14.0.79.0	Microsoft� .NET Framework
msvcr110.dll	11.0.50727.1	Microsoft� C Runtime Library
msvcr120.dll	12.0.21005.1	Microsoft� C Runtime Library
msvcr120_clr0400.dll	12.0.52512.0	Microsoft� C Runtime Library
msvcrt.dll	7.0.10240.16384	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft� C Runtime Library
msvcrt40.dll	6.2.10240.16384	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	6.2.10240.16384	Microsoft Video for Windows DLL
msvidc32.dll	6.2.10240.16384	Microsoft Video 1 Compressor
msvidctl.dll	6.5.10240.16384	ActiveX control for streaming video
msvideodsp.dll	6.2.10240.16384	Video Stabilization MFT
msvproc.dll	12.0.10240.16384	Media Foundation Video Processor
mswb7.dll	6.2.10240.16384	MSWB7 DLL
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.10240.16384	Windows Media Device Manager Core
mswsock.dll	6.2.10240.16384	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9765.0	Microsoft Jet Sort Library
msxactps.dll	6.2.10240.16384	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.10240.16384	MSXML 3.0
msxml3r.dll	8.110.10240.16384	XML Resources
msxml6.dll	6.30.10240.16384	MSXML 6.0
msxml6r.dll	6.30.10240.16384	XML Resources
msyuv.dll	6.2.10240.16384	Microsoft UYVY Video Decompressor
mtf.dll
mtxclu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.10941.16384	COM+
mtxex.dll	2001.12.10941.16384	COM+
mtxlegih.dll	2001.12.10941.16384	COM+
mtxoci.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll	6.2.10240.16384	MUI Callback for font registry settings
mycomput.dll	6.2.10240.16384	Computer Management
mydocs.dll	6.2.10240.16384	My Documents Folder UI
napcrypt.dll	6.2.10240.16384	NAP Cryptographic API helper
napinsp.dll	6.2.10240.16384	E-mail Naming Shim Provider
naturallanguage6.dll	6.2.10240.16384	Natural Language Development Platform 6
ncaapi.dll	6.2.10240.16384	Microsoft Network Connectivity Assistant API
ncdprop.dll	6.2.10240.16384	Advanced network device properties
nci.dll	6.2.10240.16384	CoInstaller: NET
ncobjapi.dll	6.2.10240.16384	Microsoft� Windows� Operating System
ncrypt.dll	6.2.10240.16384	Windows NCrypt Router
ncryptprov.dll	6.2.10240.16384	Microsoft KSP
ncryptsslp.dll	6.2.10240.16384	Microsoft SChannel Provider
nddeapi.dll	6.2.10240.16384	Network DDE Share Management APIs
ndfapi.dll	6.2.10240.16384	Network Diagnostic Framework Client API
ndfetw.dll	6.2.10240.16384	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	6.2.10240.16384	Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll	6.2.10240.16384	NdisCap Notify Object
ndishc.dll	6.2.10240.16384	NDIS Helper Classes
ndproxystub.dll	6.2.10240.16384	Network Diagnostic Engine Proxy/Stub
negoexts.dll	6.2.10240.16384	NegoExtender Security Package
netapi32.dll	6.2.10240.16384	Net Win32 API DLL
netbios.dll	6.2.10240.16384	NetBIOS Interface Library
netcenter.dll	6.2.10240.16384	Network Center control panel
netcfgx.dll	6.2.10240.16384	Network Configuration Objects
netcorehc.dll	6.2.10240.16384	Networking Core Diagnostics Helper Classes
netdiagfx.dll	6.2.10240.16384	Network Diagnostic Framework
netevent.dll	6.2.10240.16384	Net Event Handler
netfxperf.dll	6.2.10240.16384	Extensible Performance Counter Shim
neth.dll	6.2.10240.16384	Net Help Messages DLL
netid.dll	6.2.10240.16384	System Control Panel Applet; Network ID Page
netiohlp.dll	6.2.10240.16384	Netio Helper DLL
netjoin.dll	6.2.10240.16384	Domain Join DLL
netlogon.dll	6.2.10240.16384	Net Logon Services DLL
netmsg.dll	6.2.10240.16384	Net Messages DLL
netplwiz.dll	6.2.10240.16384	Map Network Drives/Network Places Wizard
netprofm.dll	6.2.10240.16384	Network List Manager
netprovfw.dll	6.2.10240.16384	Provisioning Service Framework DLL
netprovisionsp.dll	6.2.10240.16384	Provisioning Service Provider DLL
netsetupapi.dll	6.2.10240.16384	Network Configuration API
netsetupengine.dll	6.2.10240.16384	Network Configuration Engine
netsetupshim.dll	6.2.10240.16384	Network Configuration API
netshell.dll	6.2.10240.16384	Network Connections Shell
netutils.dll	6.2.10240.16384	Net Win32 API Helpers DLL
networkcollectionagent.dll	11.0.10240.16384	Network Collection Agent
networkexplorer.dll	6.2.10240.16384	Network Explorer
networkitemfactory.dll	6.2.10240.16384	NetworkItem Factory
newdev.dll	6.0.5054.0	Add Hardware Device Library
ngcksp.dll	6.2.10240.16384	Microsoft Passport Key Storage Provider
ninput.dll	6.2.10240.16384	Microsoft Pen and Touch Input Component
nlaapi.dll	6.2.10240.16384	Network Location Awareness 2
nlhtml.dll	2008.0.10240.16384	HTML filter
nlmgp.dll	6.2.10240.16384	Network List Manager Snapin
nlmproxy.dll	6.2.10240.16384	Network List Manager Public Proxy
nlmsprep.dll	6.2.10240.16384	Network List Manager Sysprep Module
nlsbres.dll	6.2.10240.16384	NLSBuild resource DLL
nlsdata0000.dll	6.2.10240.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0009.dll	6.2.10240.16384	Microsoft English Natural Language Server Data and Code
nlsdl.dll	6.2.10240.16384	Nls Downlevel DLL
nlslexicons0009.dll	6.2.10240.16384	Microsoft English Natural Language Server Data and Code
nmaa.dll	6.2.10240.16384	NMAA
nmadirect.dll	8.1.0.65535	master branch
normaliz.dll	6.2.10240.16384	Unicode Normalization DLL
notificationobjfactory.dll	6.2.10240.16425	Notifications Object Factory
npmproxy.dll	6.2.10240.16384	Network List Manager Proxy
npsmdesktopprovider.dll	6.2.10240.16384	<d> NPSM Desktop Local Provider DLL
nshhttp.dll	6.2.10240.16384	HTTP netsh DLL
nshipsec.dll	6.2.10240.16384	Net Shell IP Security helper DLL
nshwfp.dll	6.2.10240.16384	Windows Filtering Platform Netsh Helper
nsi.dll	6.2.10240.16384	NSI User-mode interface DLL
ntasn1.dll	6.2.10240.16384	Microsoft ASN.1 API
ntdll.dll	6.2.10240.16430	NT Layer DLL
ntdsapi.dll	6.2.10240.16384	Active Directory Domain Services API
ntlanman.dll	6.2.10240.16384	Microsoft� Lan Manager
ntlanui2.dll	6.2.10240.16384	Network object shell UI
ntlmshared.dll	6.2.10240.16384	NTLM Shared Functionality
ntmarta.dll	6.2.10240.16384	Windows NT MARTA provider
ntprint.dll	6.2.10240.16384	Spooler Setup DLL
ntshrui.dll	6.2.10240.16405	Shell extensions for sharing
ntvdm64.dll	6.2.10240.16384	16-bit Emulation on NT64
objsel.dll	6.2.10240.16384	Object Picker Dialog
occache.dll	11.0.10240.16384	Object Control Viewer
ocsetapi.dll	6.2.10240.16384	Windows Optional Component Setup API
odbc32.dll	6.2.10240.16384	ODBC Driver Manager
odbcbcp.dll	6.2.10240.16384	BCP for ODBC
odbcconf.dll	6.2.10240.16384	ODBC Driver Configuration Program
odbccp32.dll	6.2.10240.16384	ODBC Installer
odbccr32.dll	6.2.10240.16384	ODBC Cursor Library
odbccu32.dll	6.2.10240.16384	ODBC Cursor Library
odbcint.dll	6.2.10240.16384	ODBC Resources
odbcji32.dll	6.2.10240.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	6.2.10240.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	6.2.10240.16384	ODBC Driver Manager Trace
oddbse32.dll	6.2.10240.16384	ODBC (3.0) driver for DBase
odexl32.dll	6.2.10240.16384	ODBC (3.0) driver for Excel
odfox32.dll	6.2.10240.16384	ODBC (3.0) driver for FoxPro
odpdx32.dll	6.2.10240.16384	ODBC (3.0) driver for Paradox
odtext32.dll	6.2.10240.16384	ODBC (3.0) driver for text files
oemlicense.dll	6.2.10240.16384	Client Licensing Platform Client Provisioning
offfilt.dll	2008.0.10240.16384	OFFICE Filter
offlinelsa.dll	6.2.10240.16384	Windows
offlinesam.dll	6.2.10240.16384	Windows
offreg.dll	6.2.10240.16384	Offline registry DLL
ogldrv.dll	6.2.10240.16384	MSOGL
ole2.dll	3.10.0.103	Windows Win16 Application Launcher
ole2disp.dll	3.10.0.103	Windows Win16 Application Launcher
ole2nls.dll	3.10.0.103	Windows Win16 Application Launcher
ole32.dll	6.2.10240.16384	Microsoft OLE for Windows
oleacc.dll	7.2.10240.16384	Active Accessibility Core Component
oleacchooks.dll	7.2.10240.16384	Active Accessibility Event Hooks Library
oleaccrc.dll	7.2.10240.16384	Active Accessibility Resource DLL
oleaut32.dll	6.2.10240.16384
olecli32.dll	6.2.10240.16384	Object Linking and Embedding Client Library
oledb32.dll	6.2.10240.16384	OLE DB Core Services
oledb32r.dll	6.2.10240.16384	OLE DB Core Services Resources
oledlg.dll	6.2.10240.16384	OLE User Interface Support
oleprn.dll	6.2.10240.16384	Oleprn DLL
olepro32.dll	6.2.10240.16384
olesvr32.dll	6.2.10240.16384	Object Linking and Embedding Server Library
olethk32.dll	6.2.10240.16384	Microsoft OLE for Windows
ondemandbrokerclient.dll	6.2.10240.16384	OnDemandBrokerClient
ondemandconnroutehelper.dll	6.2.10240.16384	On Demand Connctiond Route Helper
onedrivesettingsyncprovider.dll	6.2.10240.16431	OneDrive Setting Sync
onex.dll	6.2.10240.16384	IEEE 802.1X supplicant library
onexui.dll	6.2.10240.16384	IEEE 802.1X supplicant UI library
oobefldr.dll	6.2.10240.16384	Getting Started
opcservices.dll	6.2.10240.16384	Native Code OPC Services Library
opencl.dll	2.0.2.0	OpenCL Client DLL
opengl32.dll	6.2.10240.16384	OpenGL Client DLL
osbaseln.dll	6.2.10240.16384	Service Reporting API
osksupport.dll	6.2.10240.16384	Microsoft On-Screen Keyboard Support Utilities
osuninst.dll	6.2.10240.16384	Uninstall Interface
p2p.dll	6.2.10240.16384	Peer-to-Peer Grouping
p2pgraph.dll	6.2.10240.16384	Peer-to-Peer Graphing
p2pnetsh.dll	6.2.10240.16384	Peer-to-Peer NetSh Helper
packager.dll	6.2.10240.16384	Object Packager2
packagestateroaming.dll	6.2.10240.16384	Package State Roaming
panmap.dll	6.2.10240.16384	PANOSE(tm) Font Mapper
pautoenr.dll	6.2.10240.16384	Auto Enrollment DLL
pcacli.dll	6.2.10240.16384	Program Compatibility Assistant Client Module
pcaui.dll	6.2.10240.16384	Program Compatibility Assistant User Interface Module
pcpksp.dll	6.2.10240.16384	Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll	6.2.10240.16384	Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcwum.dll	6.2.10240.16384	Performance Counters for Windows Native DLL
pdh.dll	6.2.10240.16384	Windows Performance Data Helper DLL
pdhui.dll	6.2.10240.16384	PDH UI
perfctrs.dll	6.2.10240.16384	Performance Counters
perfdisk.dll	6.2.10240.16384	Windows Disk Performance Objects DLL
perfnet.dll	6.2.10240.16384	Windows Network Service Performance Objects DLL
perfos.dll	6.2.10240.16384	Windows System Performance Objects DLL
perfproc.dll	6.2.10240.16384	Windows System Process Performance Objects DLL
perfts.dll	6.2.10240.16384	Windows Remote Desktop Services Performance Objects
personax.dll	6.2.10240.16384	PersonaX
phonecallhistoryapis.dll	6.2.10240.16384	DLL for PhoneCallHistoryRT
phoneutil.dll	6.2.10240.16384	Phone utilities
phoneutilres.dll	6.2.10240.16384	Resource DLL for Phone utilities
photometadatahandler.dll	6.2.10240.16384	Photo Metadata Handler
photowiz.dll	6.2.10240.16384	Photo Printing Wizard
pid.dll	6.2.10240.16384	Microsoft PID
pidgenx.dll	6.2.10240.16384	Pid Generation
pifmgr.dll	6.2.10240.16384	Windows NT PIF Manager Icon Resources Library
pimindexmaintenanceclient.dll	6.2.10240.16384	Client dll for Pim Index Maintenance
pimstore.dll	6.2.10240.16384	POOM
pku2u.dll	6.2.10240.16384	Pku2u Security Package
pla.dll	6.2.10240.16384	Performance Logs & Alerts
playlistfolder.dll	6.2.10240.16384	Playlist Folder
playsndsrv.dll	6.2.10240.16384	PlaySound Service
playtodevice.dll	12.0.10240.16384	PLAYTODEVICE DLL
playtomanager.dll	6.2.10240.16412	Microsoft Windows PlayTo Manager
playtomenu.dll	12.0.10240.16384	Cast to Device Menu DLL
playtoreceiver.dll	12.0.10240.16384	DLNA DMR DLL
playtostatusprovider.dll	6.2.10240.16384	PlayTo Status Provider Dll
pngfilt.dll	11.0.10240.16384	IE PNG plugin image decoder
pnrpnsp.dll	6.2.10240.16384	PNRP Name Space Provider
policymanager.dll	6.2.10240.16384	Policy Manager DLL
polstore.dll	6.2.10240.16384	Policy Storage dll
portabledeviceapi.dll	6.2.10240.16384	Windows Portable Device API Components
portabledeviceclassextension.dll	6.2.10240.16384	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	6.2.10240.16384	Portable Device Connection API Components
portabledevicestatus.dll	6.2.10240.16384	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	6.2.10240.16384	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	6.2.10240.16384	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	6.2.10240.16384	PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll	6.2.10240.16384	Windows Portable Device WMDRM Component
posyncservices.dll	6.2.10240.16384	Change Tracking
pots.dll	6.2.10240.16384	Power Troubleshooter
powercpl.dll	6.2.10240.16384	Power Options Control Panel
powrprof.dll	6.2.10240.16384	Power Profile Helper DLL
presentationcffrasterizernative_v0300.dll	3.0.6920.8674	WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll	6.2.10240.16384	Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll	3.0.6920.8674	PresentationNative_v0300.dll
prflbmsg.dll	6.2.10240.16384	Perflib Event Messages
printconfig.dll	0.3.10240.16384	PrintConfig User Interface
printdialogs.dll	6.2.10240.16384	Microsoft� Windows� Operating System
printplatformconfig.dll	6.2.10240.16384	Legacy Print Platform Adapter
printui.dll	6.2.10240.16384	Printer Settings User Interface
prncache.dll	6.2.10240.16384	Print UI Cache
prnfldr.dll	6.2.10240.16384	prnfldr dll
prnntfy.dll	6.2.10240.16384	prnntfy DLL
prntvpt.dll	6.2.10240.16384	Print Ticket Services Module
profapi.dll	6.2.10240.16384	User Profile Basic API
profext.dll	6.2.10240.16384	profext
propsys.dll	7.0.10240.16384	Microsoft Property System
provcore.dll	6.2.10240.16384	Microsoft Wireless Provisioning Core
provsvc.dll	6.2.10240.16384	Windows HomeGroup
provthrd.dll	6.2.10240.16384	WMI Provider Thread & Log Library
proximitycommon.dll	6.2.10240.16384	Proximity Common Implementation
proximitycommonpal.dll	6.2.10240.16384	Proximity Common PAL
proximityrtapipal.dll	6.2.10240.16384	Proximity WinRT API PAL
prvdmofcomp.dll	6.2.10240.16384	WMI
psapi.dll	6.2.10240.16384	Process Status Helper
pshed.dll	6.2.10240.16384	Platform Specific Hardware Error Driver
psisdecd.dll	6.2.10240.16384	Microsoft SI/PSI parser for MPEG2 based networks.
psmodulediscoveryprovider.dll	6.2.10240.16384	WMI
pstorec.dll	6.2.10240.16384	Deprecated Protected Storage COM interfaces
puiapi.dll	6.2.10240.16384	puiapi DLL
puiobj.dll	6.2.10240.16384	PrintUI Objects DLL
pvl.dll
pwrshplugin.dll	6.2.10240.16384	pwrshplugin.dll
qasf.dll	12.0.10240.16384	DirectShow ASF Support
qcap.dll	6.2.10240.16384	DirectShow Runtime.
qdv.dll	6.2.10240.16384	DirectShow Runtime.
qdvd.dll	6.2.10240.16384	DirectShow DVD PlayBack Runtime.
qedit.dll	6.2.10240.16384	DirectShow Editing.
qedwipes.dll	6.2.10240.16384	DirectShow Editing SMPTE Wipes
quartz.dll	6.2.10240.16384	DirectShow Runtime.
query.dll	6.2.10240.16384	Content Index Utility DLL
qwave.dll	6.2.10240.16384	Windows NT
racengn.dll	6.2.10240.16384	Reliability analysis metrics calculation engine
racpldlg.dll	6.2.10240.16384	Remote Assistance Contact List
radardt.dll	6.2.10240.16384	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	6.2.10240.16384	Microsoft Windows Resource Exhaustion Resolver
radcui.dll	6.2.10240.16384	RemoteApp and Desktop Connection UI Component
rasadhlp.dll	6.2.10240.16384	Remote Access AutoDial Helper
rasapi32.dll	6.2.10240.16384	Remote Access API
rascfg.dll	6.2.10240.16384	RAS Configuration Objects
raschap.dll	6.2.10240.16384	Remote Access PPP CHAP
raschapext.dll	6.2.10240.16384	Windows Extension library for raschap
rasctrs.dll	6.2.10240.16384	Windows NT Remote Access Perfmon Counter dll
rasdiag.dll	6.2.10240.16384	RAS Diagnostics Helper Classes
rasdlg.dll	6.2.10240.16384	Remote Access Common Dialog API
rasgcw.dll	6.2.10240.16384	RAS Wizard Pages
rasman.dll	6.2.10240.16384	Remote Access Connection Manager
rasmontr.dll	6.2.10240.16384	RAS Monitor DLL
rasmxs.dll	6.2.10240.16384	Remote Access Device DLL for modems, PADs and switches
rasplap.dll	6.2.10240.16384	RAS PLAP Credential Provider
rasppp.dll	6.2.10240.16384	Remote Access PPP
rasser.dll	6.2.10240.16384	Remote Access Media DLL for COM ports
rastapi.dll	6.2.10240.16384	Remote Access TAPI Compliance Layer
rastls.dll	6.2.10240.16384	Remote Access PPP EAP-TLS
rastlsext.dll	6.2.10240.16384	Windows Extension library for rastls
rdpcore.dll	6.2.10240.16384	RDP Core DLL
rdpencom.dll	6.2.10240.16384	RDPSRAPI COM Objects
rdpendp.dll	6.2.10240.16384	RDP Audio Endpoint
rdpsaps.dll	6.2.10240.16384	RDP Session Agent Proxy Stub
rdvidcrl.dll	6.2.10240.16384	Remote Desktop Services Client for Microsoft Online Services
rdvvmtransport.dll	6.2.10240.16384	RdvVmTransport EndPoints
reagent.dll	6.2.10240.16431	Microsoft Windows Recovery Agent DLL
regapi.dll	6.2.10240.16384	Registry Configuration APIs
regctrl.dll	6.2.10240.16384	RegCtrl
reinfo.dll	6.2.10240.16431	Microsoft Windows Recovery Info DLL
remoteaudioendpoint.dll	6.2.10240.16384	Remote Audio Endpoint
remotenaturallanguage.dll	1.0.0.1	Speech Client Communication To Backend Speech Services Library.
remotepg.dll	6.2.10240.16384	Remote Sessions CPL Extension
removedevicecontexthandler.dll	6.2.10240.16384	Devices & Printers Remove Device Context Menu Handler
removedeviceelevated.dll	6.2.10240.16384	RemoveDeviceElevated Proxy Dll
resampledmo.dll	6.2.10240.16384	Windows Media Resampler
resutils.dll	6.2.10240.16384	Microsoft Cluster Resource Utility DLL
rfxvmt.dll	6.2.10240.16384	Microsoft RemoteFX VM Transport
rgb9rast.dll	6.2.10240.16384	Microsoft� Windows� Operating System
riched20.dll	5.31.23.1231	Rich Text Edit Control, v3.1
riched32.dll	6.2.10240.16384	Wrapper Dll for Richedit 1.0
rmclient.dll	6.2.10240.16384	Resource Manager Client
rnr20.dll	6.2.10240.16384	Windows Socket2 NameSpace DLL
rometadata.dll	4.6.79.0	Microsoft MetaData Library
rpchttp.dll	6.2.10240.16384	RPC HTTP DLL
rpcns4.dll	6.2.10240.16384	Remote Procedure Call Name Service Client
rpcnsh.dll	6.2.10240.16384	RPC Netshell Helper
rpcrt4.dll	6.2.10240.16412	Remote Procedure Call Runtime
rpcrtremote.dll	6.2.10240.16384	Remote RPC Extension
rsaenh.dll	6.2.10240.16384	Microsoft Enhanced Cryptographic Provider
rshx32.dll	6.2.10240.16384	Security Shell Extension
rstrtmgr.dll	6.2.10240.16384	Restart Manager
rtffilt.dll	2008.0.10240.16384	RTF Filter
rtm.dll	6.2.10240.16384	Routing Table Manager
rtmediaframe.dll	6.2.10240.16384	Windows Runtime MediaFrame DLL
rtutils.dll	6.2.10240.16384	Routing Utilities
rtworkq.dll	12.0.10240.16384	Realtime WorkQueue DLL
samcli.dll	6.2.10240.16384	Security Accounts Manager Client DLL
samlib.dll	6.2.10240.16384	SAM Library DLL
sas.dll	6.2.10240.16384	WinLogon Software SAS Library
sbe.dll	6.2.10240.16384	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.10240.16384	Stream Buffer IO DLL
sberes.dll	6.2.10240.16384	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	6.2.10240.16384	Microsoft� Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	6.2.10240.16384	SCardDlg - Smart Card Common Dialog
scecli.dll	6.2.10240.16384	Windows Security Configuration Editor Client Engine
scesrv.dll	6.2.10240.16384	Windows Security Configuration Editor Engine
schannel.dll	6.2.10240.16384	TLS / SSL Security Provider
schedcli.dll	6.2.10240.16384	Scheduler Service Client DLL
scksp.dll	6.2.10240.16384	Microsoft Smart Card Key Storage Provider
scripto.dll	6.6.10240.16384	Microsoft ScriptO
scrobj.dll	5.812.10240.16384	Windows � Script Component Runtime
scrrun.dll	5.812.10240.16384	Microsoft � Script Runtime
sdiageng.dll	6.2.10240.16384	Scripted Diagnostics Execution Engine
sdiagprv.dll	6.2.10240.16384	Windows Scripted Diagnostic Provider API
sdohlp.dll	6.2.10240.16384	NPS SDO Helper Component
search.protocolhandler.mapi2.dll	7.0.10240.16384	Microsoft Search Protocol Handler for MAPI2
searchfolder.dll	6.2.10240.16405	SearchFolder
sechost.dll	6.2.10240.16384	Host for SCM/SDDL/LSA Lookup APIs
secproc.dll	6.2.10240.16384	Windows Rights Management Desktop Security Processor
secproc_isv.dll	6.2.10240.16384	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	6.2.10240.16384	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	6.2.10240.16384	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	6.2.10240.16384	Security Support Provider Interface
security.dll	6.2.10240.16384	Security Support Provider Interface
sendmail.dll	6.2.10240.16405	Send Mail
sensapi.dll	6.2.10240.16384	SENS Connectivity API DLL
sensorsapi.dll	6.2.10240.16390	Sensor API
sensorscpl.dll	6.2.10240.16384	Open Location and Other Sensors
sensorsnativeapi.dll	6.2.10240.16384	Sensors Native API
sensorsnativeapi.v2.dll	6.2.10240.16412	Sensors Native API (V2 stack)
sensorsutilsv2.dll	6.2.10240.16384	Sensors v2 Utilities DLL
serialui.dll	6.2.10240.16384	Serial Port Property Pages
serwvdrv.dll	6.2.10240.16384	Unimodem Serial Wave driver
sessenv.dll	6.2.10240.16384	Remote Desktop Configuration service
settingmonitor.dll	6.2.10240.16384	Setting Synchronization Change Monitor
settingsync.dll	6.2.10240.16384	Setting Synchronization
settingsynccore.dll	6.2.10240.16384	Setting Synchronization Core
settingsyncpolicy.dll	6.2.10240.16384	SettingSync Policy
setupapi.dll	6.2.10240.16384	Windows Setup API
setupcln.dll	6.2.10240.16384	Setup Files Cleanup
sfc.dll	6.2.10240.16384	Windows File Protection
sfc_os.dll	6.2.10240.16384	Windows File Protection
shacct.dll	6.2.10240.16384	Shell Accounts Classes
sharehost.dll	6.2.10240.16384	ShareHost
shcore.dll	6.2.10240.16384	SHCORE
shdocvw.dll	6.2.10240.16384	Shell Doc Object and Control Library
shell32.dll	6.2.10240.16425	Windows Shell Common Dll
shellstyle.dll	6.2.10240.16384	Windows Shell Style Resource Dll
shfolder.dll	6.2.10240.16384	Shell Folder Service
shgina.dll	6.2.10240.16384	Windows Shell User Logon
shimeng.dll	6.2.10240.16384	Shim Engine DLL
shimgvw.dll	6.2.10240.16384	Photo Gallery Viewer
shlwapi.dll	6.2.10240.16384	Shell Light-weight Utility Library
shpafact.dll	6.2.10240.16384	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	6.2.10240.16384	Shell setup helper
shsvcs.dll	6.2.10240.16384	Windows Shell Services Dll
shunimpl.dll	6.2.10240.16384	Windows Shell Obsolete APIs
shwebsvc.dll	6.2.10240.16384	Windows Shell Web Services
signdrv.dll	6.2.10240.16384	WMI provider for Signed Drivers
simauth.dll	6.2.10240.16384	EAP SIM run-time dll
simcfg.dll	6.2.10240.16384	EAP SIM config dll
sisbkup.dll	6.2.10240.16384	Single-Instance Store Backup Support Functions
slc.dll	6.2.10240.16384	Software Licensing Client Dll
slcext.dll	6.2.10240.16384	Software Licensing Client Extension Dll
slwga.dll	6.2.10240.16384	Software Licensing WGA API
smartcardcredentialprovider.dll	6.2.10240.16384	Windows Smartcard Credential Provider
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
smphost.dll	6.2.10240.16384	Storage Management Provider (SMP) host service
sndvolsso.dll	6.2.10240.16384	SCA Volume
snmpapi.dll	6.2.10240.16384	SNMP Utility Library
softkbd.dll	6.2.10240.16384	Soft Keyboard Server and Tip
softpub.dll	6.2.10240.16384	Softpub Forwarder DLL
sortserver2003compat.dll	6.2.10240.16384	Sort Version Server 2003
sortwindows61.dll	6.2.10240.16384	SortWindows61 Dll
sortwindows6compat.dll	6.2.10240.16384	Sort Version Windows 6.0
spbcd.dll	6.2.10240.16393	BCD Sysprep Plugin
spfileq.dll	6.2.10240.16384	Windows SPFILEQ
spinf.dll	6.2.10240.16384	Windows SPINF
spnet.dll	6.2.10240.16384	Net Sysprep Plugin
spopk.dll	6.2.10240.16384	OPK Sysprep Plugin
spp.dll	6.2.10240.16384	Microsoft� Windows Shared Protection Point Library
sppc.dll	6.2.10240.16384	Software Licensing Client Dll
sppcext.dll	6.2.10240.16384	Software Protection Platform Client Extension Dll
sppinst.dll	6.2.10240.16384	SPP CMI Installer Plug-in DLL
sppwmi.dll	6.2.10240.16384	Software Protection Platform WMI provider
spwinsat.dll	6.2.10240.16384	WinSAT Sysprep Plugin
spwizeng.dll	6.2.10240.16384	Setup Wizard Framework
spwizimg.dll	6.2.10240.16384	Setup Wizard Framework Resources
spwizres.dll	6.2.10240.16384	Setup Wizard Framework Resources
spwmp.dll	6.2.10240.16384	Windows Media Player System Preparation DLL
sqlcecompact40.dll	4.0.8275.1	Database Repair Tool (32-bit)
sqlceoledb40.dll	4.0.10240.1	OLEDB Provider (32-bit)
sqlceqp40.dll	4.0.10240.1	Query Processor (32-bit)
sqlcese40.dll	4.0.10240.1	Storage Engine (32-bit)
sqloledb.dll	6.2.10240.16384	OLE DB Provider for SQL Server
sqlsrv32.dll	6.2.10240.16384	SQL Server ODBC Driver
sqlunirl.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	2000.80.2039.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	2000.80.2040.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	6.2.10240.16384	XML extensions for SQL Server
sqmapi.dll	6.2.10240.16384	SQM Client
srchadmin.dll	7.0.10240.16384	Indexing Options
srclient.dll	6.2.10240.16384	Microsoft� Windows System Restore Client Library
srh.dll	6.2.10240.16384	Screen Reader Helper DLL
srhinproc.dll	6.2.10240.16384	Screen Reader Helper DLL
srpapi.dll	6.2.10240.16384	SRP APIs Dll
srumapi.dll	6.2.10240.16384	System Resource Usage Monitor API
srumsvc.dll	6.2.10240.16391	System Resource Usage Monitor Service
srvcli.dll	6.2.10240.16384	Server Service Client DLL
sscore.dll	6.2.10240.16384	Server Service Core DLL
ssdpapi.dll	6.2.10240.16384	SSDP Client API DLL
sspicli.dll	6.2.10240.16384	Security Support Provider Interface
ssshim.dll	6.2.10240.16384	Windows Componentization Platform Servicing API
startupscan.dll	6.2.10240.16384	Startup scan task DLL
staterepository.core.dll	6.2.10240.16384	StateRepository Core
stclient.dll	2001.12.10941.16384	COM+ Configuration Catalog Client
sti.dll	6.2.10240.16384	Still Image Devices client DLL
stobject.dll	6.2.10240.16405	Systray shell service object
storage.dll	3.10.0.103	Windows Win16 Application Launcher
storagecontexthandler.dll	6.2.10240.16384	Device Center Storage Context Menu Handler
storagewmi.dll	6.2.10240.16384	WMI Provider for Storage Management
storagewmi_passthru.dll	6.2.10240.16384	WMI PassThru Provider for Storage Management
storprop.dll	6.2.10240.16384	Property Pages for Storage Devices
structuredquery.dll	7.0.10240.16384	Structured Query
sud.dll	6.2.10240.16384	SUD Control Panel
suplcsps.dll	6.2.10240.16384	Windows Supl CSP implementation
sxproxy.dll	6.2.10240.16384	Microsoft� Windows System Protection Proxy Library
sxs.dll	6.2.10240.16384	Fusion 2.5
sxshared.dll	6.2.10240.16384	Microsoft� Windows SX Shared Library
sxsstore.dll	6.2.10240.16384	Sxs Store DLL
synccenter.dll	6.2.10240.16384	Microsoft Sync Center
synceng.dll	6.2.10240.16384	Windows Briefcase Engine
synchostps.dll	6.2.10240.16384	Proxystub for sync host
syncinfrastructure.dll	6.2.10240.16384	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	6.2.10240.16384	Microsoft Windows sync infrastructure proxy stub.
syncreg.dll	2007.94.10240.16384	Microsoft Synchronization Framework Registration
syncsettings.dll	6.2.10240.16384	Sync Settings
syncui.dll	6.2.10240.16384	Windows Briefcase
syssetup.dll	6.2.10240.16384	Windows NT System Setup
systemcpl.dll	6.2.10240.16389	My System CPL
systemeventsbrokerclient.dll	6.2.10240.16384	system Events Broker Client Library
t2embed.dll	6.2.10240.16384	Microsoft T2Embed Font Embedding
tapi3.dll	6.2.10240.16384	Microsoft TAPI3
tapi32.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony API Client DLL
tapimigplugin.dll	6.2.10240.16384	Microsoft� Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Performance Monitor
tapisrv.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Server
tapisysprep.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Sysprep Work
tapiui.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony API UI DLL
taskcomp.dll	6.2.10240.16384	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	6.2.10240.16384	Task Scheduler COM API
taskschdps.dll	6.2.10240.16384	Task Scheduler Interfaces Proxy
tbauth.dll	6.2.10240.16384	TBAuth protocol handler
tbs.dll	6.2.10240.16384	TBS
tcpipcfg.dll	6.2.10240.16384	Network Configuration Objects
tcpmib.dll	6.2.10240.16384	Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll	6.2.10240.16384	Standard TCP/IP Port Monitor UI DLL
tdh.dll	6.2.10240.16384	Event Trace Helper Library
termmgr.dll	6.2.10240.16384	Microsoft TAPI3 Terminal Manager
tetheringclient.dll	6.2.10240.16431	Tethering Client
textinputframework.dll
themecpl.dll	6.2.10240.16384	Personalization CPL
themeui.dll	6.2.10240.16384	Windows Theme API
threadpoolwinrt.dll	6.2.10240.16384	Windows WinRT Threadpool
thumbcache.dll	6.2.10240.16384	Microsoft Thumbnail Cache
timebrokerclient.dll	6.2.10240.16384	Time Broker Client Library
timedatemuicallback.dll	6.2.10240.16384	Time Date Control UI Language Change plugin
tlscsp.dll	6.2.10240.16384	Microsoft� Remote Desktop Services Cryptographic Utility
tokenbinding.dll	6.2.10240.16384	Token Binding Protocol
tokenbroker.dll	6.2.10240.16384	Token Broker
tokenbrokerui.dll	6.2.10240.16384	Token Broker UI
tpmcertresources.dll	6.2.10240.16384	TpmCertResources
tpmcompc.dll	6.2.10240.16384	Computer Chooser Dialog
tpmcoreprovisioning.dll	6.2.10240.16384	TPM Core Provisioning Library
tquery.dll	7.0.10240.16431	Microsoft Tripoli Query
traffic.dll	6.2.10240.16384	Microsoft Traffic Control 1.0 DLL
tsbyuv.dll	6.2.10240.16384	Toshiba Video Codec
tschannel.dll	6.2.10240.16384	Task Scheduler Proxy
tsgqec.dll	6.2.10240.16384	RD Gateway QEC
tsmf.dll	6.2.10240.16384	RDP MF Plugin
tspkg.dll	6.2.10240.16384	Web Service Security Package
tsworkspace.dll	6.2.10240.16384	RemoteApp and Desktop Connection Component
ttlsauth.dll	6.2.10240.16384	EAP TTLS run-time dll
ttlscfg.dll	6.2.10240.16384	EAP TTLS configuration dll
ttlsext.dll	6.2.10240.16384	Windows Extension library for EAP TTLS
tvratings.dll	6.2.10240.16384	Module for managing TV ratings
twext.dll	6.2.10240.16384	Previous Versions property page
twinapi.appcore.dll	6.2.10240.16397	twinapi.appcore
twinapi.dll	6.2.10240.16384	twinapi
twinui.appcore.dll	6.2.10240.16412	TWINUI.APPCORE
twinui.dll	6.2.10240.16412	TWINUI
txflog.dll	2001.12.10941.16384	COM+
txfw32.dll	6.2.10240.16384	TxF Win32 DLL
typelib.dll	3.10.0.103	Windows Win16 Application Launcher
tzres.dll	6.2.10240.16384	Time Zones resource DLL
ucmhc.dll	6.2.10240.16384	UCM Helper Class
ucrtbase.dll	6.2.10240.16384	Microsoft� C Runtime Library
udhisapi.dll	6.2.10240.16384	UPnP Device Host ISAPI Extension
uexfat.dll	6.2.10240.16384	eXfat Utility DLL
ufat.dll	6.2.10240.16384	FAT Utility DLL
uianimation.dll	6.2.10240.16384	Windows Animation Manager
uiautomationcore.dll	7.2.10240.16431	Microsoft UI Automation Core
uiautomationcoreres.dll	7.2.10240.16384	Microsoft UI Automation Core Resource
uicom.dll	6.2.10240.16384	Add/Remove Modems
uireng.dll	6.2.10240.16384	UI Recording Engine Library
uiribbon.dll	6.2.10240.16393	Windows Ribbon Framework
uiribbonres.dll	6.2.10240.16393	Windows Ribbon Framework Resources
ulib.dll	6.2.10240.16384	File Utilities Support DLL
umdmxfrm.dll	6.2.10240.16384	Unimodem Tranform Module
unimdmat.dll	6.2.10240.16384	Unimodem Service Provider AT Mini Driver
uniplat.dll	6.2.10240.16384	Unimodem AT Mini Driver Platform Driver for Windows NT
unistore.dll	6.2.10240.16401	Unified Store
untfs.dll	6.2.10240.16384	NTFS Utility DLL
updatepolicy.dll	6.2.10240.16384	Update Policy Reader
upnp.dll	6.2.10240.16384	UPnP Control Point API
upnphost.dll	6.2.10240.16384	UPnP Device Host
urefs.dll	6.2.10240.16384	NTFS Utility DLL
urefsv1.dll	6.2.10240.16384	NTFS Utility DLL
ureg.dll	6.2.10240.16384	Registry Utility DLL
url.dll	11.0.10240.16384	Internet Shortcut Shell Extension DLL
urlmon.dll	11.0.10240.16391	OLE32 Extensions for Win32
usbceip.dll	6.2.10240.16384	USBCEIP Task
usbperf.dll	6.2.10240.16384	USB Performance Objects DLL
usbui.dll	6.2.10240.16384	USB UI Dll
user32.dll	6.2.10240.16384	Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll	6.2.10240.16384	UserAccountControlSettings
usercpl.dll	6.2.10240.16384	User control panel
userdataaccessres.dll	6.2.10240.16384	Resource DLL for the UserDataAccess stack
userdataaccountapis.dll	6.2.10240.16384	DLL for UserDataAccountsRT
userdatalanguageutil.dll	6.2.10240.16384	Language-related helper functions for user data
userdataplatformhelperutil.dll	6.2.10240.16384	Platform Utilities for data access
userdatatimeutil.dll	6.2.10240.16384	Time-related helper functions for user data
userdatatypehelperutil.dll	6.2.10240.16384	Type Utilities for data access
userdeviceregistration.dll	6.2.10240.16384	AAD User Device Registration WinRT
userdeviceregistration.ngc.dll	6.2.10240.16384	AD/AAD User Device Registration WinRT
userenv.dll	6.2.10240.16384	Userenv
userinitext.dll	6.2.10240.16384	UserInit Utility Extension DLL
userlanguageprofilecallback.dll	6.2.10240.16384	MUI Callback for User Language profile changed
userlanguagescpl.dll	6.2.10240.16384	My Languages Configuration Control Panel
usermgrcli.dll	6.2.10240.16384	UserMgr API DLL
usermgrproxy.dll	6.2.10240.16431	UserMgrProxy
usp10.dll	6.2.10240.16384	Uniscribe Unicode script processor
ustprov.dll	6.2.10240.16384	User State WMI Provider
utildll.dll	6.2.10240.16384	WinStation utility support DLL
uudf.dll	6.2.10240.16384	UDF Utility DLL
uxinit.dll	6.2.10240.16384	Windows User Experience Session Initialization Dll
uxlib.dll	6.2.10240.16384	Setup Wizard Framework
uxlibres.dll	6.2.10240.16384	UXLib Resources
uxtheme.dll	6.2.10240.16397	Microsoft UxTheme Library
van.dll	6.2.10240.16384	View Available Networks
vault.dll	6.2.10240.16384	Windows vault Control Panel
vaultcli.dll	6.2.10240.16384	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll	5.812.10240.16384	Microsoft � VBScript
vcardparser.dll	6.2.10240.16384	Supports the parsing of VCard and ICal formatted data
vccorlib110.dll	11.0.50727.1	Microsoft � VC WinRT core library
vccorlib120.dll	12.0.21005.1	Microsoft � VC WinRT core library
vdmdbg.dll	6.2.10240.16384	VDMDBG.DLL
vds_ps.dll	6.2.10240.16384	Microsoft� Virtual Disk Service proxy/stub
vedatalayerhelpers.dll	6.2.10240.16425	Visual Element DataLayer Helpers
veeventdispatcher.dll	6.2.10240.16425	Visual Element Event dispatcher
verifier.dll	6.2.10240.16384	Standard application verifier provider dll
version.dll	6.2.10240.16384	Version Checking and File Installation Libraries
vfwwdm32.dll	6.2.10240.16384	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	6.2.10240.16384	Windows Media Resizer
virtdisk.dll	6.2.10240.16384	Virtual Disk API DLL
voiceactivationmanager.dll	6.2.10240.16412	Windows Voice Activation Manager
vpnikeapi.dll	6.2.10240.16384	VPN IKE API's
vscmgrps.dll	6.2.10240.16384	Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service proxy/stub
vssapi.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service Tracing Library
w32topl.dll	6.2.10240.16384	Windows NT Topology Maintenance Tool
wab32.dll	6.2.10240.16384	Microsoft (R) Contacts DLL
wab32res.dll	6.2.10240.16384	Microsoft (R) Contacts DLL
wabsyncprovider.dll	6.2.10240.16384	Microsoft Windows Contacts Sync Provider
walletbackgroundserviceproxy.dll	6.2.10240.16384	Wallet Background Proxy
walletproxy.dll	6.2.10240.16384	Wallet proxy
wavemsp.dll	6.2.10240.16384	Microsoft Wave MSP
wbemcomn.dll	6.2.10240.16384	WMI
wcmapi.dll	6.2.10240.16384	Windows Connection Manager Client API
wcnapi.dll	6.2.10240.16384	Windows Connect Now - API Helper DLL
wcnwiz.dll	6.2.10240.16384	Windows Connect Now Wizards
wcspluginservice.dll	6.2.10240.16384	WcsPlugInService DLL
wdc.dll	6.2.10240.16384	Performance Monitor
wdi.dll	6.2.10240.16384	Windows Diagnostic Infrastructure
wdigest.dll	6.2.10240.16384	Microsoft Digest Access
wdscore.dll	6.2.10240.16384	Panther Engine Module
webcamui.dll	6.2.10240.16384	Microsoft� Windows� Operating System
webcheck.dll	11.0.10240.16384	Web Site Monitor
webclnt.dll	6.2.10240.16384	Web DAV Service DLL
webio.dll	6.2.10240.16384	Web Transfer Protocols API
webservices.dll	6.2.10240.16384	Windows Web Services Runtime
websocket.dll	6.2.10240.16384	Web Socket API
wecapi.dll	6.2.10240.16384	Event Collector Configuration API
wer.dll	6.2.10240.16384	Windows Error Reporting DLL
werdiagcontroller.dll	6.2.10240.16384	WER Diagnostic Controller
weretw.dll
werui.dll	6.2.10240.16384	Windows Error Reporting UI DLL
wevtapi.dll	6.2.10240.16384	Eventing Consumption and Configuration API
wevtfwd.dll	6.2.10240.16384	WS-Management Event Forwarding Plug-in
wfapigp.dll	6.2.10240.16384	Windows Firewall GPO Helper dll
wfdprov.dll	6.2.10240.16384	Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll	6.2.10240.16384	Windows Firewall Helper Class
whhelper.dll	6.2.10240.16384	Net shell helper DLL for winHttp
wiaaut.dll	6.2.10240.16384	WIA Automation Layer
wiadefui.dll	6.2.10240.16384	WIA Scanner Default UI
wiadss.dll	6.2.10240.16384	WIA TWAIN compatibility layer
wiascanprofiles.dll	6.2.10240.16384	Microsoft Windows ScanProfiles
wiashext.dll	6.2.10240.16384	Imaging Devices Shell Folder UI
wiatrace.dll	6.2.10240.16384	WIA Tracing
wifidisplay.dll	6.2.10240.16384	Wi-Fi Display DLL
wimgapi.dll	6.2.10240.16401	Windows Imaging Library
winbio.dll	6.2.10240.16384	Windows Biometrics Client API
winbioext.dll	6.2.10240.16384	Windows Biometrics Client Extension API
winbrand.dll	6.2.10240.16384	Windows Branding Resources
wincorlib.dll	6.2.10240.16384	Microsoft Windows � WinRT core library
wincredprovider.dll	6.2.10240.16384	wincredprovider DLL
windows.accountscontrol.dll	6.2.10240.16384	Windows Accounts Control
windows.applicationmodel.background.systemeventsbroker.dll	6.2.10240.16384	Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll	6.2.10240.16384	Windows Background Time Broker API Server
windows.applicationmodel.core.dll	6.2.10240.16384	Windows Application Model Core API
windows.applicationmodel.dll	6.2.10240.16384	Windows ApplicationModel API Server
windows.applicationmodel.lockscreen.dll	6.2.10240.16425	Windows Lock Application Framework DLL
windows.applicationmodel.store.dll	6.2.10240.16431	Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll	6.2.10240.16431	Windows Store Testing Framework Runtime DLL
windows.applicationmodel.wallet.dll	6.2.10240.16384	Windows ApplicationModel Wallet Runtime DLL
windows.data.pdf.dll	6.2.10240.16384	PDF WinRT APIs
windows.devices.alljoyn.dll	6.2.10240.16384	Windows.Devices.AllJoyn DLL
windows.devices.background.dll	6.2.10240.16384	Windows.Devices.Background
windows.devices.background.ps.dll	6.2.10240.16384	Windows.Devices.Background Interface Proxy
windows.devices.bluetooth.dll	6.2.10240.16397	Windows.Devices.Bluetooth DLL
windows.devices.custom.dll	6.2.10240.16384	Windows.Devices.Custom
windows.devices.custom.ps.dll	6.2.10240.16384	Windows.Devices.Custom Interface Proxy
windows.devices.enumeration.dll	6.2.10240.16384	Windows.Devices.Enumeration
windows.devices.humaninterfacedevice.dll	6.2.10240.16384	Windows.Devices.HumanInterfaceDevice DLL
windows.devices.lights.dll	6.2.10240.16384	Windows Runtime Lights DLL
windows.devices.midi.dll	6.2.10240.16384	Windows Runtime MIDI Device server DLL
windows.devices.perception.dll	6.2.10240.16384	Windows Devices Perception API
windows.devices.picker.dll	6.2.10240.16384	Device Picker
windows.devices.pointofservice.dll	6.2.10240.16384	Windows Runtime PointOfService DLL
windows.devices.portable.dll	6.2.10240.16384	Windows Runtime Portable Devices DLL
windows.devices.printers.dll	6.2.10240.16384	Windows Runtime Devices Printers DLL
windows.devices.printers.extensions.dll	6.2.10240.16384	Windows.Devices.Printers.Extensions
windows.devices.radios.dll	6.2.10240.16384	Windows.Devices.Radios DLL
windows.devices.scanners.dll	6.2.10240.16384	Windows Runtime Devices Scanners DLL
windows.devices.sensors.dll	6.2.10240.16392	Windows Runtime Sensors DLL
windows.devices.serialcommunication.dll	6.2.10240.16384	Windows.Devices.SerialCommunication DLL
windows.devices.smartcards.dll	6.2.10240.16384	Windows Runtime Smart Card API DLL
windows.devices.usb.dll	6.2.10240.16384	Windows Runtime Usb DLL
windows.devices.wifi.dll	6.2.10240.16384	Windows.Devices.WiFi DLL
windows.devices.wifidirect.dll	6.2.10240.16384	Windows.Devices.WiFiDirect DLL
windows.energy.dll	6.2.10240.16384	Windows Energy Runtime DLL
windows.gaming.input.dll	6.2.10240.16384	Windows Gaming Input API
windows.gaming.preview.dll	6.2.10240.16384	Windows Gaming API Preview
windows.gaming.xboxlive.storage.dll	6.2.10240.16384	Xbox Connected Storage WinRT implementation
windows.globalization.dll	6.2.10240.16384	Windows Globalization
windows.globalization.fontgroups.dll	6.2.10240.16384	Fonts Mapping API
windows.graphics.dll	6.2.10240.16384	WinRT Windows Graphics DLL
windows.graphics.printing.3d.dll	6.2.10240.16384	Microsoft Windows Printing Support
windows.graphics.printing.dll	6.2.10240.16384	Microsoft Windows Printing Support
windows.internal.bluetooth.dll	6.2.10240.16397	Windows.Internal.Bluetooth DLL
windows.internal.management.dll	6.2.10240.16384	Windows Managent Service DLL
windows.management.lockdown.dll	6.2.10240.16384	Windows Runtime Lockdown Management DLL
windows.management.workplace.workplacesettings.dll	6.2.10240.16384	Windows Runtime WorkplaceSettings DLL
windows.media.audio.dll	6.2.10240.16384	Windows Runtime Window Media Audio server DLL
windows.media.backgroundmediaplayback.dll	6.2.10240.16384	Windows Media BackgroundMediaPlayback DLL
windows.media.devices.dll	6.2.10240.16384	Windows Runtime media device server DLL
windows.media.dll	6.2.10240.16401	Windows Media Runtime DLL
windows.media.editing.dll	6.2.10240.16393	Windows Media Editing DLL
windows.media.faceanalysis.dll	6.2.10240.16384	Microsoft (R) Face Detection DLL
windows.media.import.dll	6.2.10240.16393	Windows Photo Import API (WinRT/COM)
windows.media.mediacontrol.dll	6.2.10240.16384	Windows Runtime MediaControl server DLL
windows.media.ocr.dll	6.2.10240.16384	Windows OCR Runtime DLL
windows.media.playback.backgroundmediaplayer.dll	6.2.10240.16384	Windows Media Playback BackgroundMediaPlayer DLL
windows.media.playback.mediaplayer.dll	6.2.10240.16384	Windows Media Playback MediaPlayer DLL
windows.media.playback.proxystub.dll	6.2.10240.16384	BackgroundMediaPlayer Proxy Stub DLL
windows.media.protection.playready.dll	3.0.2777.0	Microsoft PlayReady Client Framework Dll
windows.media.speech.dll	6.2.10240.16425	Windows Speech Runtime DLL
windows.media.speech.uxres.dll	6.2.10240.16384	Windows Media Speech UX Resources DLL
windows.media.streaming.dll	12.0.10240.16384	DLNA DLL
windows.media.streaming.ps.dll	12.0.10240.16384	DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll	6.2.10240.16384	Background Transfer Background Manager Policy DLL
windows.networking.backgroundtransfer.dll	6.2.10240.16384	Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll	6.2.10240.16401	Windows Networking Connectivity Runtime DLL
windows.networking.dll	6.2.10240.16384	Windows.Networking DLL
windows.networking.hostname.dll	6.2.10240.16384	Windows.Networking.HostName DLL
windows.networking.networkoperators.hotspotauthentication.dll	6.2.10240.16384	Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll	6.2.10240.16384	Windows Runtime Proximity API DLL
windows.networking.servicediscovery.dnssd.dll	6.2.10240.16384	Windows.Networking.ServiceDiscovery.Dnssd DLL
windows.networking.sockets.pushenabledapplication.dll	6.2.10240.16384	Windows.Networking.Sockets.PushEnabledApplication DLL
windows.networking.xboxlive.proxystub.dll	6.2.10240.16384	Windows.Networking.XboxLive Proxy Stub Dll
windows.security.authentication.onlineid.dll	6.2.10240.16384	Windows Runtime OnlineId Authentication DLL
windows.security.authentication.web.core.dll	6.2.10240.16384	Token Broker WinRT API
windows.security.credentials.ui.credentialpicker.dll	6.2.10240.16384	WinRT Credential Picker Server
windows.security.credentials.ui.userconsentverifier.dll	6.2.10240.16384	Windows User Consent Verifier API
windows.shell.search.urihandler.dll	6.2.10240.16384	Windows Search URI Handler
windows.shell.servicehostbuilder.dll	6.2.10240.16384	Windows.Shell.ServiceHostBuilder
windows.speech.pal.dll	6.2.10240.16384	Speech Platform Adaptation Layer DLL
windows.staterepository.dll	6.2.10240.16384	Windows StateRepository API Server
windows.staterepositorybroker.dll	6.2.10240.16384	Windows StateRepository API Broker
windows.staterepositoryclient.dll	6.2.10240.16384	Windows StateRepository API Broker
windows.storage.applicationdata.dll	6.2.10240.16384	Windows Application Data API Server
windows.storage.compression.dll	6.2.10240.16384	WinRT Compression
windows.storage.dll	6.2.10240.16405	Microsoft WinRT Storage API
windows.storage.search.dll	6.2.10240.16384	Windows.Storage.Search
windows.system.diagnostics.dll	6.2.10240.16384	Windows System Diagnostics DLL
windows.system.launcher.dll	6.2.10240.16384	Windows.System.Launcher
windows.system.profile.hardwareid.dll	6.2.10240.16384	Windows System Profile HardwareId DLL
windows.system.profile.retailinfo.dll	6.2.10240.16384	Windows.System.Profile.RetailInfo Runtime DLL
windows.system.profile.systemmanufacturers.dll	6.2.10240.16384	Windows.System.Profile.SystemManufacturers
windows.system.remotedesktop.dll	6.2.10240.16384	Windows System RemoteDesktop Runtime DLL
windows.system.systemmanagement.dll	6.2.10240.16384	Windows Runtime SystemManagement DLL
windows.ui.biofeedback.dll	6.2.10240.16386	Bio Feedback User Experience
windows.ui.blockedshutdown.dll	6.2.10240.16386	Blocked Shutdown User Experience
windows.ui.core.textinput.dll	6.2.10240.16431	Windows.UI.Core.TextInput dll
windows.ui.cred.dll	6.2.10240.16391	Credential Prompt User Experience
windows.ui.dll	6.2.10240.16384	Windows Runtime UI Foundation DLL
windows.ui.immersive.dll	6.2.10240.16397	WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll	6.2.10240.16384	WinRT Windows Inking DLL
windows.ui.logon.dll	6.2.10240.16431	Logon User Experience
windows.ui.search.dll	6.2.10240.16386	Windows.UI.Search
windows.ui.xaml.dll	6.2.10240.16431	Windows.UI.Xaml dll
windows.ui.xaml.maps.dll	6.2.10240.16384	Windows UI XAML Maps API
windows.ui.xaml.phone.dll	6.2.10240.16384	Windows UI XAML Phone API
windows.ui.xaml.resources.dll	6.2.10240.16384	Windows.UI.Xaml.Resources dll
windows.web.diagnostics.dll	6.2.10240.16384	Windows.Web.Diagnostics
windows.web.dll	6.2.10240.16384	Web Client DLL
windows.web.http.dll	6.2.10240.16384	Windows.Web.Http DLL
windowscodecs.dll	6.2.10240.16384	Microsoft Windows Codecs Library
windowscodecsext.dll	6.2.10240.16384	Microsoft Windows Codecs Extended Library
windowscodecsraw.dll	6.2.10240.16384	Microsoft Camera Codec Pack
windowslivelogin.dll	6.2.10240.16384	Microsoft� Account Login Helper
winfax.dll	6.2.10240.16384	Microsoft Fax API Support DLL
winhttp.dll	6.2.10240.16391	Windows HTTP Services
wininet.dll	11.0.10240.16391	Internet Extensions for Win32
wininitext.dll	6.2.10240.16384	WinInit Utility Extension DLL
winipcfile.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services File API
winipcsecproc.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Desktop Security Processor
winipcsecproc_ssp.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Server Security Processor
winipsec.dll	6.2.10240.16384	Windows IPsec SPD Client DLL
winlangdb.dll	6.2.10240.16384	Windows Bcp47 Language Database
winmde.dll	12.0.10240.16412	WinMDE DLL
winmm.dll	6.2.10240.16384	MCI API DLL
winmmbase.dll	6.2.10240.16384	Base Multimedia Extension API DLL
winmsipc.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Client
winmsoirmprotector.dll	6.2.10240.16384	Windows Office file format IRM Protector
winnlsres.dll	6.2.10240.16384	NLSBuild resource DLL
winnsi.dll	6.2.10240.16384	Network Store Information RPC interface
winopcirmprotector.dll	6.2.10240.16384	Windows Office file format IRM Protector
winrnr.dll	6.2.10240.16384	LDAP RnR Provider DLL
winrscmd.dll	6.2.10240.16384	remtsvc
winrsmgr.dll	6.2.10240.16384	WSMan Shell API
winrssrv.dll	6.2.10240.16384	winrssrv
winrttracing.dll	6.2.10240.16384	Windows Diagnostics Tracing
winsatapi.dll	6.2.10240.16384	Windows System Assessment Tool API
winscard.dll	6.2.10240.16384	Microsoft Smart Card API
winshfhc.dll	6.2.10240.16384	File Risk Estimation
winsku.dll	6.2.10240.16384	Windows SKU Library
winsockhc.dll	6.2.10240.16384	Winsock Network Diagnostic Helper Class
winsqlite3.dll	3.8.8.3	SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
winsrpc.dll	6.2.10240.16384	WINS RPC LIBRARY
winsta.dll	6.2.10240.16384	Winstation Library
winsync.dll	2007.94.10240.16384	Synchronization Framework
winsyncmetastore.dll	2007.94.10240.16384	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.10240.16384	Windows Synchronization Provider Framework
wintrust.dll	6.2.10240.16385	Microsoft Trust Verification APIs
wintypes.dll	6.2.10240.16384	Windows Base Types DLL
winusb.dll	6.2.10240.16384	Windows USB Driver User Library
wisp.dll	6.2.10240.16384	Microsoft Pen and Touch Input Component
wkscli.dll	6.2.10240.16384	Workstation Service Client DLL
wkspbrokerax.dll	6.2.10240.16384	Microsoft Workspace Broker ActiveX Control
wksprtps.dll	6.2.10240.16384	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	6.2.10240.16384	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	6.2.10240.16384	Wlan Netsh Helper DLL
wlanconn.dll	6.2.10240.16384	Dot11 Connection Flows
wlandlg.dll	6.2.10240.16384	Wireless Lan Dialog Wizards
wlangpui.dll	6.2.10240.16384	Wireless Network Policy Management Snap-in
wlanhlp.dll	6.2.10240.16384	Windows Wireless LAN 802.11 Client Side Helper API
wlanmm.dll	6.2.10240.16384	Dot11 Media and AdHoc Managers
wlanmsm.dll	6.2.10240.16384	Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll	6.2.10240.16384	Wireless Preferred Networks
wlansec.dll	6.2.10240.16384	Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll	6.2.10240.16384	Wireless Profile UI
wlanutil.dll	6.2.10240.16384	Windows Wireless LAN 802.11 Utility DLL
wldap32.dll	6.2.10240.16384	Win32 LDAP API DLL
wldp.dll	6.2.10240.16384	Windows Lockdown Policy
wlgpclnt.dll	6.2.10240.16384	802.11 Group Policy Client
wlidcli.dll	6.2.10240.16384	Microsoft� Account Dynamic Link Library
wlidcredprov.dll	6.2.10240.16384	Microsoft� Account Credential Provider
wlidfdp.dll	6.2.10240.16384	Microsoft� Account Function Discovery Provider
wlidnsp.dll	6.2.10240.16384	Microsoft� Account Namespace Provider
wlidprov.dll	6.2.10240.16384	Microsoft� Account Provider
wlidres.dll	6.2.10240.16384	Microsoft� Windows Live ID Resource
wls0wndh.dll	6.2.10240.16384	Session0 Viewer Window Hook DLL
wmadmod.dll	6.2.10240.16384	Windows Media Audio Decoder
wmadmoe.dll	6.2.10240.16384	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.10240.16384	Windows Media ASF DLL
wmcodecdspps.dll	6.2.10240.16384	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.10240.16384	Windows Media Device Manager Logger
wmdmps.dll	12.0.10240.16384	Windows Media Device Manager Proxy Stub
wmdrmdev.dll	12.0.10240.16384	Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll	12.0.10240.16384	Windows Media DRM for Network Devices DLL
wmdrmsdk.dll	11.0.10240.16384	Windows Media DRM SDK DLL
wmerror.dll	12.0.10240.16384	Windows Media Error Definitions (English)
wmi.dll	6.2.10240.16384	WMI DC and DP functionality
wmiclnt.dll	6.2.10240.16384	WMI Client API
wmidcom.dll	6.2.10240.16384	WMI
wmidx.dll	12.0.10240.16384	Windows Media Indexer DLL
wmiprop.dll	6.2.10240.16384	WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll	6.2.10240.16384	CIM Provider Adapter
wmnetmgr.dll	12.0.10240.16384	Windows Media Network Plugin Manager DLL
wmp.dll	12.0.10240.16397	Windows Media Player
wmpdui.dll	12.0.10240.16384	Windows Media Player UI Engine
wmpdxm.dll	12.0.10240.16384	Windows Media Player Extension
wmpeffects.dll	12.0.10240.16384	Windows Media Player Effects
wmphoto.dll	6.2.10240.16384	Windows Media Photo Codec
wmploc.dll	12.0.10240.16384	Windows Media Player Resources
wmpps.dll	12.0.10240.16384	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.10240.16384	Windows Media Player Launcher
wmsgapi.dll	6.2.10240.16384	WinLogon IPC Client
wmspdmod.dll	6.2.10240.16384	Windows Media Audio Voice Decoder
wmspdmoe.dll	6.2.10240.16384	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.10240.16384	Windows Media Playback/Authoring DLL
wmvdecod.dll	6.2.10240.16384	Windows Media Video Decoder
wmvdspa.dll	6.2.10240.16384	Windows Media Video DSP Components - Advanced
wmvencod.dll	6.2.10240.16384	Windows Media Video 9 Encoder
wmvsdecd.dll	6.2.10240.16384	Windows Media Screen Decoder
wmvsencd.dll	6.2.10240.16384	Windows Media Screen Encoder
wmvxencd.dll	6.2.10240.16384	Windows Media Video Encoder
wofutil.dll	6.2.10240.16384	Windows Overlay File System Filter user mode API
wordbreakers.dll
workfoldersres.dll	6.2.9200.16384	Work Folders Resources
wow32.dll	6.2.10240.16384	Wow32
wpbcreds.dll	6.2.10240.16384	WP 8.1 upgrade support utility
wpc.dll	6.2.10240.16384	WPC Settings Library
wpdshext.dll	6.2.10240.16384	Portable Devices Shell Extension
wpdshserviceobj.dll	6.2.10240.16384	Windows Portable Device Shell Service Object
wpdsp.dll	6.2.10240.16384	WMDM Service Provider for Windows Portable Devices
wpkbdlayout.dll
wpnapps.dll	6.2.10240.16412	Windows Push Notification Apps
wpportinglibrary.dll	6.2.10240.16384	<d> DLL
ws2_32.dll	6.2.10240.16384	Windows Socket 2.0 32-Bit DLL
ws2help.dll	6.2.10240.16384	Windows Socket 2.0 Helper for Windows NT
wscapi.dll	6.2.10240.16384	Windows Security Center API
wscinterop.dll	6.2.10240.16384	Windows Health Center WSC Interop
wscisvif.dll	6.2.10240.16384	Windows Security Center ISV API
wsclient.dll	6.2.10240.16384	Windows Store Licensing Client
wscproxystub.dll	6.2.10240.16384	Windows Security Center ISV Proxy Stub
wsdapi.dll	6.2.10240.16384	Web Services for Devices API DLL
wsdchngr.dll	6.2.10240.16384	WSD Challenge Component
wsecedit.dll	6.2.10240.16384	Security Configuration UI Module
wshbth.dll	6.2.10240.16384	Windows Sockets Helper DLL
wshcon.dll	5.812.10240.16384	Microsoft � Windows Script Controller
wshelper.dll	6.2.10240.16384	Winsock Net shell helper DLL for winsock
wshext.dll	5.812.10240.16384	Microsoft � Shell Extension for Windows Script Host
wship6.dll	6.2.10240.16384	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	6.2.10240.16384	Windows Sockets Helper DLL
wshqos.dll	6.2.10240.16384	QoS Winsock2 Helper DLL
wshrm.dll	6.2.10240.16384	Windows Sockets Helper DLL for PGM
wshtcpip.dll	6.2.10240.16384	Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll	6.2.10240.16384	WinRM Agent
wsmanmigrationplugin.dll	6.2.10240.16384	WinRM Migration Plugin
wsmauto.dll	6.2.10240.16384	WSMAN Automation
wsmplpxy.dll	6.2.10240.16384	wsmplpxy
wsmres.dll	6.2.10240.16384	WSMan Resource DLL
wsmsvc.dll	6.2.10240.16384	WSMan Service
wsmwmipl.dll	6.2.10240.16384	WSMAN WMI Provider
wsnmp32.dll	6.2.10240.16384	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	6.2.10240.16384	Windows Socket 32-Bit DLL
wsp_fs.dll	6.2.10240.16384	Windows Storage Provider for FileShare management
wsp_health.dll	6.2.10240.16384	Windows Storage Provider for Health Agent API
wsp_sr.dll	6.2.10240.16384	Windows Storage Provider for Storage Replication management
wsshared.dll	6.2.10240.16384	WSShared DLL
wssync.dll	6.2.10240.16384	Windows Store Licensing Sync Client
wtsapi32.dll	6.2.10240.16384	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	6.2.10240.16397	Windows Update Client API
wudriver.dll	6.2.10240.16384	Windows Update WUDriver Stub
wups.dll	6.2.10240.16384	Windows Update client proxy stub
wvc.dll	6.2.10240.16384	Windows Visual Components
wwaapi.dll	6.2.10240.16384	Microsoft Web Application Host API library
wwaext.dll	6.2.10240.16384	Microsoft Web Application Host Extension library
wwanapi.dll	6.2.10240.16384	Mbnapi
wwapi.dll	8.1.10240.16384	WWAN API
xamldiagnostics.dll	6.2.10240.16384	Xaml Diagnostics
xaudio2_8.dll	6.2.10240.16384	XAudio2 Game Audio API
xaudio2_9.dll	6.2.10240.16384	XAudio2 Game Audio API
xblauthmanagerproxy.dll	6.2.10240.16384	XblAuthManagerProxy
xblauthtokenbrokerext.dll	6.2.10240.16384	Xbox Live Token Broker Extension
xblgamesaveproxy.dll	6.2.10240.16384	Xbox Connected Storage Service Proxies and Stubs
xinput1_4.dll	6.2.10240.16384	Microsoft Common Controller API
xinput9_1_0.dll	6.2.10240.16384	XNA Common Controller
xinputuap.dll	6.2.10240.16384	Microsoft Common Controller API
xmlfilter.dll	2008.0.10240.16384	XML Filter
xmllite.dll	6.2.10240.16384	Microsoft XmlLite Library
xmlprovi.dll	6.2.10240.16384	Network Provisioning Service Client API
xolehlp.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsdocumenttargetprint.dll	6.2.10240.16384	XPS DocumentTargetPrint DLL
xpsfilt.dll	6.2.10240.16384	XML Paper Specification Document IFilter
xpsgdiconverter.dll	6.2.10240.16384	XPS to GDI Converter
xpsprint.dll	6.2.10240.16384	XPS Printing DLL
xpsrasterservice.dll	6.2.10240.16384	XPS Rasterization Service Component
xpsservices.dll	6.2.10240.16384	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	6.2.10240.16384	OPC Shell Metadata Handler
xwizards.dll	6.2.10240.16384	Extensible Wizards Manager Module
xwreg.dll	6.2.10240.16384	Extensible Wizard Registration Manager Module
xwtpdui.dll	6.2.10240.16384	Extensible Wizard Type Plugin for DUI
xwtpw32.dll	6.2.10240.16384	Extensible Wizard Type Plugin for Win32
zipfldr.dll	6.2.10240.16384	Compressed (zipped) Folders
ztrace_ca.dll	6.2.10240.16384	Ztrace_ca DLL
ztrace_maps.dll	6.2.10240.16384	ZTrace Event Resources

Certificates


[ Certificate Authorities / Microsoft IT SSL SHA2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	A9 9A 27 07
		Validity	19/12/2013 - 19/12/2017
		MD5 Hash	8C1214A3C3A222F6F5E9A67E37756254
		SHA1 Hash	948E1652586240D453287AB69CAEB8F2F4F02117

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Microsoft IT SSL SHA2
		Organization	Microsoft Corporation
		Organizational Unit	Microsoft IT
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A0 69 FE 8F 9A 3F D1 11 8B 19
		Validity	01/10/1997 - 31/12/2002
		MD5 Hash	09C254BDE4EA50F26D1497F29C51AF6D
		SHA1 Hash	109F1CAED645BB78B3EA2B94C0697C740733031C

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Windows Hardware Compatibility
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Windows Hardware Compatibility Intermediate CA
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Root Agency ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
		Validity	29/05/1996 - 01/01/2040
		MD5 Hash	C0A723F0DA35026B21EDB17597F1D470
		SHA1 Hash	FEE449EE0E3965A5246F000E87FDE2A065FD89D4

	Issuer Properties:
		Common Name	Root Agency

	Subject Properties:
		Common Name	Root Agency

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
		Validity	17/04/1997 - 25/10/2016
		MD5 Hash	ACD80EA27BB72CE700DC22724A5F1E92
		SHA1 Hash	D559A586669B08F46A30A133F8A9ED3D038E2EA8

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign International Server CA - Class 3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Baltimore CyberTrust Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	B9 00 00 02
		Validity	12/05/2000 - 13/05/2025
		MD5 Hash	ACB694A59C17E0D791529BB19706A6E4
		SHA1 Hash	D4DE20D05E66FC53FE1A50882C78DB2852CAE474

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
		Validity	10/11/2006 - 10/11/2031
		MD5 Hash	87CE0B7B2A0E4900E158719B37A89372
		SHA1 Hash	0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

	Issuer Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
		Validity	10/11/2006 - 10/11/2031
		MD5 Hash	79E4A9840D7D3A96D7C04FE2434C892E
		SHA1 Hash	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436

	Issuer Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
		Validity	10/11/2006 - 10/11/2031
		MD5 Hash	D474DE575C39B2D39C8583C5C065498A
		SHA1 Hash	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25

	Issuer Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Entrust (2048) ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	F8 DE 63 38
		Validity	24/12/1999 - 24/07/2029
		MD5 Hash	EE2931BC327E9AE6E8B5F751B4347190
		SHA1 Hash	503006091D97D4F5AE39F7CBE7927D7D652D3431

	Issuer Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Subject Properties:
		Common Name	Entrust.net Certification Authority (2048)
		Organization	Entrust.net
		Organizational Unit	www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
		Organizational Unit	(c) 1999 Entrust.net Limited

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Global CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	56 34 02
		Validity	21/05/2002 - 21/05/2022
		MD5 Hash	F775AB29FB514EB7775EFF053C998EF5
		SHA1 Hash	DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212

	Issuer Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Primary Certification Authority - G3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	1F 0F 18 C3 A9 27 F6 41 4B 79 B2 19 94 6E AC 15
		Validity	02/04/2008 - 02/12/2037
		MD5 Hash	B5E83436C910445848706D2E83D4B805
		SHA1 Hash	039EEDB80BE7A03C6953893B20D2D9323A4C2AFD

	Issuer Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	CF F4 DE 35
		Validity	22/08/1998 - 22/08/2018
		MD5 Hash	67CB9DC013248A829BB2171ED11BECD4
		SHA1 Hash	D23209AD23D314232174E40D7F9D62139786633A

	Issuer Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Subject Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	94 C3 5A 4B 15 01 00 00 00 00 04
		Validity	01/09/1998 - 28/01/2028
		MD5 Hash	3E455215095192E1B75D379FB187298A
		SHA1 Hash	B1BC968BD4F49D622AA89A81F2150152A41D829C

	Issuer Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Subject Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	29/06/2004 - 29/06/2034
		MD5 Hash	91DE0625ABDAFD32170CBB25172A8467
		SHA1 Hash	2796BAE63F1801E277261BA0D77770028F20EEE4

	Issuer Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GTE CyberTrust Global Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A5 01
		Validity	13/08/1998 - 14/08/2018
		MD5 Hash	CA3DD368F1035CD032FAB82B59E85ADB
		SHA1 Hash	97817950D81C9670CC34D809CF794431367EF474

	Issuer Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Subject Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Authenticode(tm) Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	01/01/1995 - 01/01/2000
		MD5 Hash	DC6D6FAF897CDD17332FB5BA9035E9CE
		SHA1 Hash	7F88CD7223F3C813818C994614A89C99FA3B5247

	Issuer Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Subject Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
		Validity	10/01/1997 - 31/12/2020
		MD5 Hash	2A954ECA79B2874573D92D90BAF99FB6
		SHA1 Hash	A43489159A520F0D93D032CCAF37E7FE20A8B419

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2010 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
		Validity	24/06/2010 - 24/06/2035
		MD5 Hash	A266BB7DCC38A562631361BBF61DD11B
		SHA1 Hash	3B1EFD3A66EA28B16697394703A72CA340A05BD5

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
		Validity	23/03/2011 - 23/03/2036
		MD5 Hash	CE0490D5E56C34A5AE0BE98BE581185D
		SHA1 Hash	8F43288AD272F3103B6FB1428485EA3014C0BCFE

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
		Validity	10/05/2001 - 10/05/2021
		MD5 Hash	E1C07EA0AABBD4B77B84C228117808A7
		SHA1 Hash	CDD4EEAE6000AC7F40C3802C171E30148030C072

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Timestamp Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	13/05/1997 - 31/12/1999
		MD5 Hash	556EBEF54C1D7C0360C43418BC9649C1
		SHA1 Hash	245C97DF7514E7CF2DF8BE72AE957B9E04741E85

	Issuer Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Subject Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / QuoVadis Root Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8B 50 B6 3A
		Validity	19/03/2001 - 17/03/2021
		MD5 Hash	27DE36FE72B70003009DF4F01E6C0424
		SHA1 Hash	DE3F40BD5093D39B6C60F6DABC076201008976C9

	Issuer Properties:
		Common Name	QuoVadis Root Certification Authority
		Organization	QuoVadis Limited
		Organizational Unit	Root Certification Authority
		Country	Bermuda

	Subject Properties:
		Common Name	QuoVadis Root Certification Authority
		Organization	QuoVadis Limited
		Organizational Unit	Root Certification Authority
		Country	Bermuda

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / StartCom Certification Authority G2 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	3B
		Validity	01/01/2010 - 01/01/2040
		MD5 Hash	784BFB9E64820AD3B84C62F364F29064
		SHA1 Hash	31F1FD68226320EEC63B3F9DEA4A3E537C7C3917

	Issuer Properties:
		Common Name	StartCom Certification Authority G2
		Organization	StartCom Ltd.
		Country	Israel

	Subject Properties:
		Common Name	StartCom Certification Authority G2
		Organization	StartCom Ltd.
		Country	Israel

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Symantec Enterprise Mobile Root for Microsoft ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	CE D8 F4 BD A9 29 66 0F 7B 90 BF 9E 2F 55 6B 0F
		Validity	15/03/2012 - 15/03/2032
		MD5 Hash	71D0A5FF2D59741694BEE37D1E5C860B
		SHA1 Hash	92B46C76E13054E104F230517E6E504D43AB10B5

	Issuer Properties:
		Common Name	Symantec Enterprise Mobile Root for Microsoft
		Organization	Symantec Corporation
		Country	United States

	Subject Properties:
		Common Name	Symantec Enterprise Mobile Root for Microsoft
		Organization	Symantec Corporation
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Thawte Timestamping CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	00
		Validity	01/01/1997 - 01/01/2021
		MD5 Hash	7F667A71D3EB6978209A51149D83DA20
		SHA1 Hash	BE36A4562FB2EE05DBB3D32323ADF445084ED656

	Issuer Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Subject Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	6D 2B DB 37 CE 2F F4 49 EC ED D5 20 57 D5 4E 34
		Validity	17/11/2006 - 17/07/2036
		MD5 Hash	8CCADC0B22CEF5BE72AC411A11A8D812
		SHA1 Hash	91C6D6EE3E8AC86384E548C299295C756C817B81

	Issuer Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2006 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	69 AD A9 06 68 2A D3 11 B4 21 00 50 8B 0C BE 44
		Validity	24/06/1999 - 24/06/2019
		MD5 Hash	B3A53E77216DAC4AC0C9FBD5413DCA06
		SHA1 Hash	58119F0E128287EA50FDD987456F4F78DCFAD6D4

	Issuer Properties:
		Common Name	UTN - DATACorp SGC
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Subject Properties:
		Common Name	UTN - DATACorp SGC
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	30/05/2000 - 30/05/2020
		MD5 Hash	1D3554048578B03F42424DBF20730A3F
		SHA1 Hash	02FAF3E291435468607857694DF5E45B68851868

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD2 RSA (1.2.840.113549.1.1.2)
		Serial Number	BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
		Validity	29/01/1996 - 02/08/2028
		MD5 Hash	10FC635DF6263E0DF325BE5F79CD6767
		SHA1 Hash	742C3192E607E424EB4549542BE1BBC53E6174E2

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Time Stamping CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
		Validity	12/05/1997 - 08/01/2004
		MD5 Hash	EBB04F1D3A2E372F1DDA6E27D6B680FA
		SHA1 Hash	18F7C1FCC3090203FD5BAA2F861A754976C8DD25

	Issuer Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
		Validity	08/11/2006 - 17/07/2036
		MD5 Hash	CB17E431673EE209FE455793F30AFA1C
		SHA1 Hash	4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

UpTime


Current Session:
	Last Shutdown Time	26/08/2015 12:03:20
	Last Boot Time	27/08/2015 16:42:34
	Current Time	27/08/2015 17:52:30
	UpTime	4234 sec (0 days, 1 hours, 10 min, 34 sec)

UpTime Statistics:
	First Boot Time	20/08/2015 15:27:20
	First Shutdown Time	20/08/2015 15:26:34
	Total UpTime	478088 sec (5 days, 12 hours, 48 min, 8 sec)
	Total DownTime	135498 sec (1 days, 13 hours, 38 min, 18 sec)
	Longest UpTime	470068 sec (5 days, 10 hours, 34 min, 28 sec)
	Longest DownTime	103154 sec (1 days, 4 hours, 39 min, 14 sec)
	Total Reboots	5
	System Availability	77.92%

Bluescreen Statistics:
	First Bluescreen Time	20/08/2015 15:40:48
	Last Bluescreen Time	27/08/2015 16:42:39
	Total Bluescreens	3

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
ADMIN$	Folder	Remote Admin	C:\Windows
C$	Folder	Default share	C:\
IPC$	IPC	Remote IPC

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	LAPTOP-5DNN8R19
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
galffycsaba@gmail.com			MicrosoftAccount
galffycsaba@gmail.com			MicrosoftAccount

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ DefaultAccount ]

	User Properties:
		User Name	DefaultAccount
		Full Name	DefaultAccount
		Comment	A user account managed by the system.
		Member Of Groups	System Managed Accounts Group
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

[ galff ]

	User Properties:
		User Name	galff
		Full Name	G�lffy Csaba
		Member Of Groups	Administrators; Users
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

Local Groups


[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		galff	G�lffy Csaba

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Remote Management Users ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

[ System Managed Accounts Group ]

	Local Group Properties:
		Comment	Members of this group are managed by the system.

	Group Members:
		DefaultAccount

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		galff	G�lffy Csaba
		INTERACTIVE

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		DefaultAccount
		galff	G�lffy Csaba
		Guest

Windows Video


[ Intel(R) HD Graphics ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics
		Adapter String	Intel(R) HD Graphics
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics
		DAC Type	Internal
		Driver Date	17/07/2015
		Driver Version	10.18.15.4256
		Driver Provider	Intel Corporation
		Memory Size	1 GB

	Installed Drivers:
		igdumdim64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd12umd64	10.18.15.4256
		igdumdim32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd12umd32	10.18.15.4256

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel(R) HD Graphics ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics
		Adapter String	Intel(R) HD Graphics
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics
		DAC Type	Internal
		Driver Date	17/07/2015
		Driver Version	10.18.15.4256
		Driver Provider	Intel Corporation
		Memory Size	1 GB

	Installed Drivers:
		igdumdim64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd12umd64	10.18.15.4256
		igdumdim32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd12umd32	10.18.15.4256

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel(R) HD Graphics ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics
		Adapter String	Intel(R) HD Graphics
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics
		DAC Type	Internal
		Driver Date	17/07/2015
		Driver Version	10.18.15.4256
		Driver Provider	Intel Corporation
		Memory Size	1 GB

	Installed Drivers:
		igdumdim64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd10iumd64	10.18.15.4256
		igd12umd64	10.18.15.4256
		igdumdim32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd10iumd32	10.18.15.4256
		igd12umd32	10.18.15.4256

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

GPU


[ Integrated: Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU) ]

	Graphics Processor Properties:
		Video Adapter	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
		GPU Code Name	Cherry Trail
		PCI Device	8086-22B0 / 1043-1BDD (Rev 20)
		Process Technology	14 nm
		Bus Type	Integrated
		GPU Clock	600 MHz
		RAMDAC Clock	350 MHz
		Pixel Pipelines	4
		TMU Per Pipeline	1
		Unified Shaders	64 (v5.0)
		DirectX Hardware Support	DirectX v11.1
		WDDM Version	WDDM 2.0

	Architecture:
		Architecture	Intel Gen8LP
		Execution Units (EU)	16
		Local Data Share	64 KB

	Theoretical Peak Performance:
		Pixel Fillrate	2400 MPixel/s @ 600 MHz
		Texel Fillrate	2400 MTexel/s @ 600 MHz
		Single-Precision FLOPS	153.6 GFLOPS @ 600 MHz

	Utilization:
		Dedicated Memory	0 MB
		Dynamic Memory	54 MB

	Graphics Processor Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Monitor


[ Generic PnP Monitor [NoDB] ]

	Monitor Properties:
		Monitor Name	Generic PnP Monitor [NoDB]
		Monitor ID	AUO20D4
		Manufacture Date	2002
		Serial Number	12003
		Max. Visible Display Size	14 cm x 22 cm (10.3")
		Picture Aspect Ratio	5:4
		Horizontal Frequency	45 kHz
		Vertical Frequency	60 Hz
		Maximum Pixel Clock	80 MHz
		Gamma	2.20
		DPMS Mode Support	Active-Off

	Supported Video Modes:
		800 x 1280	Pixel Clock: 75.00 MHz

[ Intel AVStream Camera ]

	Monitor Properties:
		Monitor Name	Intel AVStream Camera
		Monitor ID	INT22B8
		Serial Number	None
		Max. Visible Display Size	4095 mm x 4095 mm (228.0")
		Picture Aspect Ratio	5:4
		Gamma	3.55
		DPMS Mode Support	Standby, Suspend, Active-Off

	Supported Video Modes:
		640 x 480	60 Hz
		640 x 480	67 Hz
		640 x 480	72 Hz
		640 x 480	75 Hz
		720 x 400	70 Hz
		720 x 400	88 Hz
		800 x 600	56 Hz
		800 x 600	60 Hz
		800 x 600	72 Hz
		800 x 600	75 Hz
		832 x 624	75 Hz
		1024 x 768	60 Hz
		1024 x 768	72 Hz
		1024 x 768	75 Hz
		1024 x 768	87 Hz
		1152 x 870	75 Hz
		1280 x 1024	75 Hz
		2288 x 1287	123 Hz
		4095 x 4095	Pixel Clock: 655.35 MHz

Desktop


Desktop Properties:
	Device Technology	Raster Display
	Resolution	1280 x 800
	Color Depth	32-bit
	Color Planes	1
	Font Resolution	96 dpi
	Pixel Width / Height	36 / 36
	Pixel Diagonal	51
	Vertical Refresh Rate	60 Hz
	Desktop Wallpaper	C:\Users\galff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\photo-1428591501234-1ffcb0d6871f.jpg

Desktop Effects:
	Combo-Box Animation	Enabled
	Drop Shadow Effect	Enabled
	Flat Menu Effect	Enabled
	Font Smoothing	Enabled
	ClearType	Enabled
	Full Window Dragging	Enabled
	Gradient Window Title Bars	Enabled
	Hide Menu Access Keys	Enabled
	Hot Tracking Effect	Enabled
	Icon Title Wrapping	Enabled
	List-Box Smooth Scrolling	Enabled
	Menu Animation	Enabled
	Menu Fade Effect	Enabled
	Minimize/Restore Animation	Enabled
	Mouse Cursor Shadow	Disabled
	Selection Fade Effect	Enabled
	ShowSounds Accessibility Feature	Disabled
	ToolTip Animation	Enabled
	ToolTip Fade Effect	Enabled
	Windows Aero	Enabled
	Windows Plus! Extension	Disabled

Multi-Monitor


Device ID	Primary	Upper Left Corner	Bottom Right Corner
\\.\DISPLAY1	Yes	(0,0)	(1280,800)

Video Modes


Resolution	Color Depth	Refresh Rate
320 x 200	8-bit	60 Hz
320 x 200	16-bit	60 Hz
320 x 200	32-bit	60 Hz
320 x 240	8-bit	60 Hz
320 x 240	8-bit	60 Hz
320 x 240	16-bit	60 Hz
320 x 240	16-bit	60 Hz
320 x 240	32-bit	60 Hz
320 x 240	32-bit	60 Hz
400 x 300	8-bit	60 Hz
400 x 300	8-bit	60 Hz
400 x 300	16-bit	60 Hz
400 x 300	16-bit	60 Hz
400 x 300	32-bit	60 Hz
400 x 300	32-bit	60 Hz
512 x 384	8-bit	60 Hz
512 x 384	8-bit	60 Hz
512 x 384	16-bit	60 Hz
512 x 384	16-bit	60 Hz
512 x 384	32-bit	60 Hz
512 x 384	32-bit	60 Hz
640 x 400	8-bit	60 Hz
640 x 400	16-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 480	8-bit	60 Hz
640 x 480	8-bit	60 Hz
640 x 480	16-bit	60 Hz
640 x 480	16-bit	60 Hz
640 x 480	32-bit	60 Hz
640 x 480	32-bit	60 Hz
800 x 600	8-bit	60 Hz
800 x 600	8-bit	60 Hz
800 x 600	16-bit	60 Hz
800 x 600	16-bit	60 Hz
800 x 600	32-bit	60 Hz
800 x 600	32-bit	60 Hz
1024 x 768	8-bit	60 Hz
1024 x 768	8-bit	60 Hz
1024 x 768	16-bit	60 Hz
1024 x 768	16-bit	60 Hz
1024 x 768	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1280 x 600	8-bit	60 Hz
1280 x 600	8-bit	60 Hz
1280 x 600	16-bit	60 Hz
1280 x 600	16-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 720	8-bit	60 Hz
1280 x 720	8-bit	60 Hz
1280 x 720	16-bit	60 Hz
1280 x 720	16-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 768	8-bit	60 Hz
1280 x 768	8-bit	60 Hz
1280 x 768	16-bit	60 Hz
1280 x 768	16-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 800	8-bit	60 Hz
1280 x 800	16-bit	60 Hz
1280 x 800	32-bit	60 Hz

OpenGL


OpenGL Properties:
	Vendor	Intel
	Renderer	Intel(R) HD Graphics
	Version	4.3.0 - Build 10.18.15.4256
	Shading Language Version	4.30 - Build 10.18.15.4256
	OpenGL DLL	10.0.10240.16384(th1.150709-1700)
	Multitexture Texture Units	8
	Occlusion Query Counter Bits	64
	Sub-Pixel Precision	8-bit
	Max Viewport Size	16384 x 16384
	Max Cube Map Texture Size	16384 x 16384
	Max Rectangle Texture Size	16384 x 16384
	Max 3D Texture Size	2048 x 2048 x 2048
	Max Anisotropy	16
	Max Clipping Planes	8
	Max Display-List Nesting Level	64
	Max Draw Buffers	8
	Max Evaluator Order	32
	Max Light Sources	8
	Max Pixel Map Table Size	65536
	Min / Max Program Texel Offset	-8 / 7
	Max Texture Array Layers	2048
	Max Texture LOD Bias	15

OpenGL Compliancy:
	OpenGL 1.1	Yes (100%)
	OpenGL 1.2	Yes (100%)
	OpenGL 1.3	Yes (100%)
	OpenGL 1.4	Yes (100%)
	OpenGL 1.5	Yes (100%)
	OpenGL 2.0	Yes (100%)
	OpenGL 2.1	Yes (100%)
	OpenGL 3.0	Yes (100%)
	OpenGL 3.1	Yes (100%)
	OpenGL 3.2	Yes (100%)
	OpenGL 3.3	Yes (100%)
	OpenGL 4.0	Yes (100%)
	OpenGL 4.1	Yes (100%)
	OpenGL 4.2	Yes (100%)
	OpenGL 4.3	Yes (100%)
	OpenGL 4.4	No (88%)
	OpenGL 4.5	No (0%)

Max Stack Depth:
	Attribute Stack	16
	Client Attribute Stack	16
	Modelview Matrix Stack	32
	Name Stack	128
	Projection Matrix Stack	4
	Texture Matrix Stack	10

Draw Range Elements:
	Max Index Count	1048576
	Max Vertex Count	1048576

Transform Feedback:
	Max Interleaved Components	128
	Max Separate Attributes	4
	Max Separate Components	4

Framebuffer Object:
	Max Color Attachments	8
	Max Render Buffer Size	16384 x 16384

Vertex Shader:
	Max Uniform Vertex Components	4096
	Max Varying Floats	64
	Max Vertex Texture Image Units	32
	Max Combined Texture Image Units	192

Geometry Shader:
	Max Geometry Texture Units	32
	Max Varying Components	64
	Max Geometry Varying Components	64
	Max Vertex Varying Components	32
	Max Geometry Uniform Components	4096
	Max Geometry Output Vertices	256
	Max Geometry Total Output Components	1024

Fragment Shader:
	Max Uniform Fragment Components	4096

Vertex Program:
	Max Local Parameters	256
	Max Environment Parameters	300
	Max Program Matrices	8
	Max Program Matrix Stack Depth	2
	Max Vertex Attributes	16
	Max Instructions	1024
	Max Native Instructions	1024
	Max Temporaries	31
	Max Native Temporaries	31
	Max Parameters	512
	Max Native Parameters	400
	Max Attributes	16
	Max Native Attributes	16
	Max Address Registers	1
	Max Native Address Registers	1

Fragment Program:
	Max Local Parameters	256
	Max Environment Parameters	256
	Max Texture Coordinates	8
	Max Texture Image Units	32
	Max Instructions	1447
	Max Native Instructions	1447
	Max Temporaries	256
	Max Native Temporaries	256
	Max Parameters	512
	Max Native Parameters	32
	Max Attributes	13
	Max Native Attributes	13
	Max Address Registers	0
	Max Native Address Registers	0
	Max ALU Instructions	1447
	Max Native ALU Instructions	1447
	Max Texture Instructions	1447
	Max Native Texture Instructions	1447
	Max Texture Indirections	128
	Max Native Texture Indirections	128

OpenGL Extensions:
	Total / Supported Extensions	1007 / 216
	GL_3DFX_multisample	Not Supported
	GL_3DFX_tbuffer	Not Supported
	GL_3DFX_texture_compression_FXT1	Supported
	GL_3DL_direct_texture_access2	Not Supported
	GL_3Dlabs_multisample_transparency_id	Not Supported
	GL_3Dlabs_multisample_transparency_range	Not Supported
	GL_AMD_blend_minmax_factor	Not Supported
	GL_AMD_compressed_3DC_texture	Not Supported
	GL_AMD_compressed_ATC_texture	Not Supported
	GL_AMD_conservative_depth	Not Supported
	GL_AMD_debug_output	Not Supported
	GL_AMD_depth_clamp_separate	Not Supported
	GL_AMD_draw_buffers_blend	Not Supported
	GL_AMD_framebuffer_sample_positions	Not Supported
	GL_AMD_gcn_shader	Not Supported
	GL_AMD_gpu_shader_half_float	Not Supported
	GL_AMD_gpu_shader_half_float2	Not Supported
	GL_AMD_gpu_shader_int64	Not Supported
	GL_AMD_interleaved_elements	Not Supported
	GL_AMD_multi_draw_indirect	Not Supported
	GL_AMD_name_gen_delete	Not Supported
	GL_AMD_occlusion_query_event	Not Supported
	GL_AMD_performance_monitor	Not Supported
	GL_AMD_pinned_memory	Not Supported
	GL_AMD_program_binary_Z400	Not Supported
	GL_AMD_query_buffer_object	Not Supported
	GL_AMD_sample_positions	Not Supported
	GL_AMD_seamless_cubemap_per_texture	Not Supported
	GL_AMD_shader_atomic_counter_ops	Not Supported
	GL_AMD_shader_stencil_export	Not Supported
	GL_AMD_shader_stencil_value_export	Not Supported
	GL_AMD_shader_trace	Not Supported
	GL_AMD_shader_trinary_minmax	Not Supported
	GL_AMD_sparse_texture	Not Supported
	GL_AMD_sparse_texture_pool	Not Supported
	GL_AMD_stencil_operation_extended	Not Supported
	GL_AMD_texture_compression_dxt6	Not Supported
	GL_AMD_texture_compression_dxt7	Not Supported
	GL_AMD_texture_cube_map_array	Not Supported
	GL_AMD_texture_texture4	Not Supported
	GL_AMD_texture_tile_pool	Not Supported
	GL_AMD_transform_feedback3_lines_triangles	Not Supported
	GL_AMD_transform_feedback4	Not Supported
	GL_AMD_vertex_shader_layer	Supported
	GL_AMD_vertex_shader_tessellator	Not Supported
	GL_AMD_vertex_shader_viewport_index	Supported
	GL_AMDX_debug_output	Not Supported
	GL_AMDX_name_gen_delete	Not Supported
	GL_AMDX_random_access_target	Not Supported
	GL_AMDX_vertex_shader_tessellator	Not Supported
	GL_ANDROID_extension_pack_es31a	Not Supported
	GL_ANGLE_depth_texture	Not Supported
	GL_ANGLE_framebuffer_blit	Not Supported
	GL_ANGLE_framebuffer_multisample	Not Supported
	GL_ANGLE_instanced_arrays	Not Supported
	GL_ANGLE_pack_reverse_row_order	Not Supported
	GL_ANGLE_program_binary	Not Supported
	GL_ANGLE_texture_compression_dxt1	Not Supported
	GL_ANGLE_texture_compression_dxt3	Not Supported
	GL_ANGLE_texture_compression_dxt5	Not Supported
	GL_ANGLE_texture_usage	Not Supported
	GL_ANGLE_translated_shader_source	Not Supported
	GL_APPLE_aux_depth_stencil	Not Supported
	GL_APPLE_client_storage	Not Supported
	GL_APPLE_copy_texture_levels	Not Supported
	GL_APPLE_element_array	Not Supported
	GL_APPLE_fence	Not Supported
	GL_APPLE_float_pixels	Not Supported
	GL_APPLE_flush_buffer_range	Not Supported
	GL_APPLE_flush_render	Not Supported
	GL_APPLE_framebuffer_multisample	Not Supported
	GL_APPLE_object_purgeable	Not Supported
	GL_APPLE_packed_pixel	Not Supported
	GL_APPLE_packed_pixels	Not Supported
	GL_APPLE_pixel_buffer	Not Supported
	GL_APPLE_rgb_422	Not Supported
	GL_APPLE_row_bytes	Not Supported
	GL_APPLE_specular_vector	Not Supported
	GL_APPLE_sync	Not Supported
	GL_APPLE_texture_2D_limited_npot	Not Supported
	GL_APPLE_texture_format_BGRA8888	Not Supported
	GL_APPLE_texture_max_level	Not Supported
	GL_APPLE_texture_range	Not Supported
	GL_APPLE_transform_hint	Not Supported
	GL_APPLE_vertex_array_object	Not Supported
	GL_APPLE_vertex_array_range	Not Supported
	GL_APPLE_vertex_point_size	Not Supported
	GL_APPLE_vertex_program_evaluators	Not Supported
	GL_APPLE_ycbcr_422	Not Supported
	GL_ARB_arrays_of_arrays	Supported
	GL_ARB_base_instance	Supported
	GL_ARB_bindless_texture	Not Supported
	GL_ARB_blend_func_extended	Supported
	GL_ARB_buffer_storage	Supported
	GL_ARB_cl_event	Supported
	GL_ARB_clear_buffer_object	Supported
	GL_ARB_clear_texture	Supported
	GL_ARB_clip_control	Not Supported
	GL_ARB_color_buffer_float	Supported
	GL_ARB_compatibility	Supported
	GL_ARB_compressed_texture_pixel_storage	Supported
	GL_ARB_compute_shader	Supported
	GL_ARB_compute_variable_group_size	Not Supported
	GL_ARB_conditional_render_inverted	Not Supported
	GL_ARB_conservative_depth	Supported
	GL_ARB_context_flush_control	Not Supported
	GL_ARB_copy_buffer	Supported
	GL_ARB_copy_image	Supported
	GL_ARB_cull_distance	Not Supported
	GL_ARB_debug_group	Not Supported
	GL_ARB_debug_label	Not Supported
	GL_ARB_debug_output	Supported
	GL_ARB_debug_output2	Not Supported
	GL_ARB_depth_buffer_float	Supported
	GL_ARB_depth_clamp	Supported
	GL_ARB_depth_texture	Supported
	GL_ARB_derivative_control	Not Supported
	GL_ARB_direct_state_access	Not Supported
	GL_ARB_draw_buffers	Supported
	GL_ARB_draw_buffers_blend	Supported
	GL_ARB_draw_elements_base_vertex	Supported
	GL_ARB_draw_indirect	Supported
	GL_ARB_draw_instanced	Supported
	GL_ARB_enhanced_layouts	Supported
	GL_ARB_ES2_compatibility	Supported
	GL_ARB_ES3_1_compatibility	Not Supported
	GL_ARB_ES3_compatibility	Supported
	GL_ARB_explicit_attrib_location	Supported
	GL_ARB_explicit_uniform_location	Supported
	GL_ARB_fragment_coord_conventions	Supported
	GL_ARB_fragment_layer_viewport	Supported
	GL_ARB_fragment_program	Supported
	GL_ARB_fragment_program_shadow	Supported
	GL_ARB_fragment_shader	Supported
	GL_ARB_framebuffer_no_attachments	Supported
	GL_ARB_framebuffer_object	Supported
	GL_ARB_framebuffer_sRGB	Supported
	GL_ARB_geometry_shader4	Supported
	GL_ARB_get_program_binary	Supported
	GL_ARB_get_texture_sub_image	Not Supported
	GL_ARB_gpu_shader_fp64	Supported
	GL_ARB_gpu_shader5	Supported
	GL_ARB_half_float_pixel	Supported
	GL_ARB_half_float_vertex	Supported
	GL_ARB_imaging	Not Supported
	GL_ARB_indirect_parameters	Supported
	GL_ARB_instanced_arrays	Supported
	GL_ARB_internalformat_query	Supported
	GL_ARB_internalformat_query2	Supported
	GL_ARB_invalidate_subdata	Supported
	GL_ARB_make_current_read	Not Supported
	GL_ARB_map_buffer_alignment	Supported
	GL_ARB_map_buffer_range	Supported
	GL_ARB_matrix_palette	Not Supported
	GL_ARB_multi_bind	Supported
	GL_ARB_multi_draw_indirect	Supported
	GL_ARB_multisample	Supported
	GL_ARB_multitexture	Supported
	GL_ARB_occlusion_query	Supported
	GL_ARB_occlusion_query2	Supported
	GL_ARB_pipeline_statistics_query	Not Supported
	GL_ARB_pixel_buffer_object	Supported
	GL_ARB_point_parameters	Supported
	GL_ARB_point_sprite	Supported
	GL_ARB_program_interface_query	Supported
	GL_ARB_provoking_vertex	Supported
	GL_ARB_query_buffer_object	Supported
	GL_ARB_robust_buffer_access_behavior	Supported
	GL_ARB_robustness	Supported
	GL_ARB_robustness_isolation	Not Supported
	GL_ARB_sample_shading	Supported
	GL_ARB_sampler_objects	Supported
	GL_ARB_seamless_cube_map	Supported
	GL_ARB_seamless_cubemap_per_texture	Supported
	GL_ARB_separate_shader_objects	Supported
	GL_ARB_shader_atomic_counters	Supported
	GL_ARB_shader_bit_encoding	Supported
	GL_ARB_shader_draw_parameters	Not Supported
	GL_ARB_shader_group_vote	Not Supported
	GL_ARB_shader_image_load_store	Supported
	GL_ARB_shader_image_size	Supported
	GL_ARB_shader_objects	Supported
	GL_ARB_shader_precision	Supported
	GL_ARB_shader_stencil_export	Not Supported
	GL_ARB_shader_storage_buffer_object	Supported
	GL_ARB_shader_subroutine	Supported
	GL_ARB_shader_texture_image_samples	Not Supported
	GL_ARB_shader_texture_lod	Not Supported
	GL_ARB_shading_language_100	Supported
	GL_ARB_shading_language_120	Not Supported
	GL_ARB_shading_language_420pack	Supported
	GL_ARB_shading_language_include	Not Supported
	GL_ARB_shading_language_packing	Supported
	GL_ARB_shadow	Supported
	GL_ARB_shadow_ambient	Not Supported
	GL_ARB_sparse_buffer	Not Supported
	GL_ARB_sparse_texture	Not Supported
	GL_ARB_stencil_texturing	Supported
	GL_ARB_swap_buffers	Not Supported
	GL_ARB_sync	Supported
	GL_ARB_tessellation_shader	Supported
	GL_ARB_texture_barrier	Not Supported
	GL_ARB_texture_border_clamp	Supported
	GL_ARB_texture_buffer_object	Not Supported
	GL_ARB_texture_buffer_object_rgb32	Supported
	GL_ARB_texture_buffer_range	Supported
	GL_ARB_texture_compression	Supported
	GL_ARB_texture_compression_bptc	Supported
	GL_ARB_texture_compression_rgtc	Supported
	GL_ARB_texture_compression_rtgc	Not Supported
	GL_ARB_texture_cube_map	Supported
	GL_ARB_texture_cube_map_array	Supported
	GL_ARB_texture_env_add	Supported
	GL_ARB_texture_env_combine	Supported
	GL_ARB_texture_env_crossbar	Supported
	GL_ARB_texture_env_dot3	Supported
	GL_ARB_texture_float	Supported
	GL_ARB_texture_gather	Supported
	GL_ARB_texture_mirror_clamp_to_edge	Supported
	GL_ARB_texture_mirrored_repeat	Supported
	GL_ARB_texture_multisample	Supported
	GL_ARB_texture_non_power_of_two	Supported
	GL_ARB_texture_query_levels	Supported
	GL_ARB_texture_query_lod	Supported
	GL_ARB_texture_rectangle	Supported
	GL_ARB_texture_rg	Supported
	GL_ARB_texture_rgb10_a2ui	Supported
	GL_ARB_texture_snorm	Not Supported
	GL_ARB_texture_stencil8	Supported
	GL_ARB_texture_storage	Supported
	GL_ARB_texture_storage_multisample	Supported
	GL_ARB_texture_swizzle	Supported
	GL_ARB_texture_view	Supported
	GL_ARB_timer_query	Supported
	GL_ARB_transform_feedback_instanced	Supported
	GL_ARB_transform_feedback_overflow_query	Not Supported
	GL_ARB_transform_feedback2	Supported
	GL_ARB_transform_feedback3	Supported
	GL_ARB_transpose_matrix	Supported
	GL_ARB_uber_buffers	Not Supported
	GL_ARB_uber_mem_image	Not Supported
	GL_ARB_uber_vertex_array	Not Supported
	GL_ARB_uniform_buffer_object	Supported
	GL_ARB_vertex_array_bgra	Supported
	GL_ARB_vertex_array_object	Supported
	GL_ARB_vertex_attrib_64bit	Supported
	GL_ARB_vertex_attrib_binding	Supported
	GL_ARB_vertex_blend	Not Supported
	GL_ARB_vertex_buffer_object	Supported
	GL_ARB_vertex_program	Supported
	GL_ARB_vertex_shader	Supported
	GL_ARB_vertex_type_10f_11f_11f_rev	Supported
	GL_ARB_vertex_type_2_10_10_10_rev	Supported
	GL_ARB_viewport_array	Supported
	GL_ARB_window_pos	Supported
	GL_ARM_mali_program_binary	Not Supported
	GL_ARM_mali_shader_binary	Not Supported
	GL_ARM_rgba8	Not Supported
	GL_ARM_shader_framebuffer_fetch	Not Supported
	GL_ARM_shader_framebuffer_fetch_depth_stencil	Not Supported
	GL_ATI_array_rev_comps_in_4_bytes	Not Supported
	GL_ATI_blend_equation_separate	Not Supported
	GL_ATI_blend_weighted_minmax	Not Supported
	GL_ATI_draw_buffers	Not Supported
	GL_ATI_element_array	Not Supported
	GL_ATI_envmap_bumpmap	Not Supported
	GL_ATI_fragment_shader	Not Supported
	GL_ATI_lock_texture	Not Supported
	GL_ATI_map_object_buffer	Not Supported
	GL_ATI_meminfo	Not Supported
	GL_ATI_pixel_format_float	Not Supported
	GL_ATI_pn_triangles	Not Supported
	GL_ATI_point_cull_mode	Not Supported
	GL_ATI_separate_stencil	Supported
	GL_ATI_shader_texture_lod	Not Supported
	GL_ATI_text_fragment_shader	Not Supported
	GL_ATI_texture_compression_3dc	Not Supported
	GL_ATI_texture_env_combine3	Not Supported
	GL_ATI_texture_float	Not Supported
	GL_ATI_texture_mirror_once	Not Supported
	GL_ATI_vertex_array_object	Not Supported
	GL_ATI_vertex_attrib_array_object	Not Supported
	GL_ATI_vertex_blend	Not Supported
	GL_ATI_vertex_shader	Not Supported
	GL_ATI_vertex_streams	Not Supported
	GL_ATIX_pn_triangles	Not Supported
	GL_ATIX_texture_env_combine3	Not Supported
	GL_ATIX_texture_env_route	Not Supported
	GL_ATIX_vertex_shader_output_point_size	Not Supported
	GL_Autodesk_facet_normal	Not Supported
	GL_Autodesk_valid_back_buffer_hint	Not Supported
	GL_CR_bounding_box	Not Supported
	GL_CR_cursor_position	Not Supported
	GL_CR_head_spu_name	Not Supported
	GL_CR_performance_info	Not Supported
	GL_CR_print_string	Not Supported
	GL_CR_readback_barrier_size	Not Supported
	GL_CR_saveframe	Not Supported
	GL_CR_server_id_sharing	Not Supported
	GL_CR_server_matrix	Not Supported
	GL_CR_state_parameter	Not Supported
	GL_CR_synchronization	Not Supported
	GL_CR_tile_info	Not Supported
	GL_CR_tilesort_info	Not Supported
	GL_CR_window_size	Not Supported
	GL_DIMD_YUV	Not Supported
	GL_DMP_shader_binary	Not Supported
	GL_EXT_422_pixels	Not Supported
	GL_EXT_abgr	Supported
	GL_EXT_bgra	Supported
	GL_EXT_bindable_uniform	Not Supported
	GL_EXT_blend_color	Supported
	GL_EXT_blend_equation_separate	Supported
	GL_EXT_blend_func_separate	Supported
	GL_EXT_blend_logic_op	Not Supported
	GL_EXT_blend_minmax	Supported
	GL_EXT_blend_subtract	Supported
	GL_EXT_Cg_shader	Not Supported
	GL_EXT_clip_control	Supported
	GL_EXT_clip_volume_hint	Supported
	GL_EXT_cmyka	Not Supported
	GL_EXT_color_buffer_float	Not Supported
	GL_EXT_color_buffer_half_float	Not Supported
	GL_EXT_color_matrix	Not Supported
	GL_EXT_color_subtable	Not Supported
	GL_EXT_color_table	Not Supported
	GL_EXT_compiled_vertex_array	Supported
	GL_EXT_convolution	Not Supported
	GL_EXT_convolution_border_modes	Not Supported
	GL_EXT_coordinate_frame	Not Supported
	GL_EXT_copy_buffer	Not Supported
	GL_EXT_copy_image	Not Supported
	GL_EXT_copy_texture	Not Supported
	GL_EXT_cull_vertex	Not Supported
	GL_EXT_debug_label	Not Supported
	GL_EXT_debug_marker	Not Supported
	GL_EXT_depth_bounds_test	Not Supported
	GL_EXT_depth_buffer_float	Not Supported
	GL_EXT_direct_state_access	Supported
	GL_EXT_discard_framebuffer	Not Supported
	GL_EXT_disjoint_timer_query	Not Supported
	GL_EXT_draw_buffers	Not Supported
	GL_EXT_draw_buffers_indexed	Not Supported
	GL_EXT_draw_buffers2	Supported
	GL_EXT_draw_indirect	Not Supported
	GL_EXT_draw_instanced	Not Supported
	GL_EXT_draw_range_elements	Supported
	GL_EXT_fog_coord	Supported
	GL_EXT_fog_function	Not Supported
	GL_EXT_fog_offset	Not Supported
	GL_EXT_frag_depth	Not Supported
	GL_EXT_fragment_lighting	Not Supported
	GL_EXT_framebuffer_blit	Supported
	GL_EXT_framebuffer_multisample	Supported
	GL_EXT_framebuffer_multisample_blit_scaled	Not Supported
	GL_EXT_framebuffer_object	Supported
	GL_EXT_framebuffer_sRGB	Not Supported
	GL_EXT_generate_mipmap	Not Supported
	GL_EXT_geometry_point_size	Not Supported
	GL_EXT_geometry_shader	Not Supported
	GL_EXT_geometry_shader4	Supported
	GL_EXT_glx_stereo_tree	Not Supported
	GL_EXT_gpu_program_parameters	Supported
	GL_EXT_gpu_shader_fp64	Not Supported
	GL_EXT_gpu_shader4	Supported
	GL_EXT_gpu_shader5	Not Supported
	GL_EXT_histogram	Not Supported
	GL_EXT_import_sync_object	Not Supported
	GL_EXT_index_array_formats	Not Supported
	GL_EXT_index_func	Not Supported
	GL_EXT_index_material	Not Supported
	GL_EXT_index_texture	Not Supported
	GL_EXT_instanced_arrays	Not Supported
	GL_EXT_interlace	Not Supported
	GL_EXT_light_texture	Not Supported
	GL_EXT_map_buffer_range	Not Supported
	GL_EXT_misc_attribute	Not Supported
	GL_EXT_multi_draw_arrays	Supported
	GL_EXT_multisample	Not Supported
	GL_EXT_multisampled_render_to_texture	Not Supported
	GL_EXT_multiview_draw_buffers	Not Supported
	GL_EXT_occlusion_query_boolean	Not Supported
	GL_EXT_packed_depth_stencil	Supported
	GL_EXT_packed_float	Supported
	GL_EXT_packed_pixels	Supported
	GL_EXT_packed_pixels_12	Not Supported
	GL_EXT_paletted_texture	Not Supported
	GL_EXT_pixel_buffer_object	Not Supported
	GL_EXT_pixel_format	Not Supported
	GL_EXT_pixel_texture	Not Supported
	GL_EXT_pixel_transform	Not Supported
	GL_EXT_pixel_transform_color_table	Not Supported
	GL_EXT_point_parameters	Not Supported
	GL_EXT_polygon_offset	Not Supported
	GL_EXT_polygon_offset_clamp	Supported
	GL_EXT_post_depth_coverage	Not Supported
	GL_EXT_primitive_bounding_box	Not Supported
	GL_EXT_provoking_vertex	Not Supported
	GL_EXT_pvrtc_sRGB	Not Supported
	GL_EXT_raster_multisample	Not Supported
	GL_EXT_read_format_bgra	Not Supported
	GL_EXT_rescale_normal	Supported
	GL_EXT_robustness	Not Supported
	GL_EXT_scene_marker	Not Supported
	GL_EXT_secondary_color	Supported
	GL_EXT_separate_shader_objects	Not Supported
	GL_EXT_separate_specular_color	Supported
	GL_EXT_shader_atomic_counters	Not Supported
	GL_EXT_shader_framebuffer_fetch	Not Supported
	GL_EXT_shader_image_load_formatted	Not Supported
	GL_EXT_shader_image_load_store	Not Supported
	GL_EXT_shader_implicit_conversions	Not Supported
	GL_EXT_shader_integer_mix	Supported
	GL_EXT_shader_io_blocks	Not Supported
	GL_EXT_shader_pixel_local_storage	Not Supported
	GL_EXT_shader_subroutine	Not Supported
	GL_EXT_shader_texture_lod	Not Supported
	GL_EXT_shadow_funcs	Supported
	GL_EXT_shadow_samplers	Not Supported
	GL_EXT_shared_texture_palette	Not Supported
	GL_EXT_sparse_texture2	Not Supported
	GL_EXT_sRGB	Not Supported
	GL_EXT_sRGB_write_control	Not Supported
	GL_EXT_static_vertex_array	Not Supported
	GL_EXT_stencil_clear_tag	Not Supported
	GL_EXT_stencil_two_side	Supported
	GL_EXT_stencil_wrap	Supported
	GL_EXT_subtexture	Not Supported
	GL_EXT_swap_control	Not Supported
	GL_EXT_tessellation_point_size	Not Supported
	GL_EXT_tessellation_shader	Not Supported
	GL_EXT_texgen_reflection	Not Supported
	GL_EXT_texture	Not Supported
	GL_EXT_texture_array	Supported
	GL_EXT_texture_border_clamp	Not Supported
	GL_EXT_texture_buffer	Not Supported
	GL_EXT_texture_buffer_object	Not Supported
	GL_EXT_texture_buffer_object_rgb32	Not Supported
	GL_EXT_texture_color_table	Not Supported
	GL_EXT_texture_compression_bptc	Not Supported
	GL_EXT_texture_compression_dxt1	Not Supported
	GL_EXT_texture_compression_latc	Not Supported
	GL_EXT_texture_compression_rgtc	Not Supported
	GL_EXT_texture_compression_s3tc	Supported
	GL_EXT_texture_cube_map	Not Supported
	GL_EXT_texture_cube_map_array	Not Supported
	GL_EXT_texture_edge_clamp	Supported
	GL_EXT_texture_env	Not Supported
	GL_EXT_texture_env_add	Supported
	GL_EXT_texture_env_combine	Supported
	GL_EXT_texture_env_dot3	Not Supported
	GL_EXT_texture_filter_anisotropic	Supported
	GL_EXT_texture_filter_minmax	Not Supported
	GL_EXT_texture_format_BGRA8888	Not Supported
	GL_EXT_texture_integer	Supported
	GL_EXT_texture_lod	Not Supported
	GL_EXT_texture_lod_bias	Supported
	GL_EXT_texture_mirror_clamp	Not Supported
	GL_EXT_texture_object	Not Supported
	GL_EXT_texture_perturb_normal	Not Supported
	GL_EXT_texture_rectangle	Supported
	GL_EXT_texture_rg	Not Supported
	GL_EXT_texture_shared_exponent	Supported
	GL_EXT_texture_snorm	Supported
	GL_EXT_texture_sRGB	Supported
	GL_EXT_texture_sRGB_decode	Supported
	GL_EXT_texture_storage	Supported
	GL_EXT_texture_swizzle	Supported
	GL_EXT_texture_type_2_10_10_10_REV	Not Supported
	GL_EXT_texture_view	Not Supported
	GL_EXT_texture3D	Supported
	GL_EXT_texture4D	Not Supported
	GL_EXT_timer_query	Not Supported
	GL_EXT_transform_feedback	Supported
	GL_EXT_transform_feedback2	Not Supported
	GL_EXT_transform_feedback3	Not Supported
	GL_EXT_unpack_subimage	Not Supported
	GL_EXT_vertex_array	Not Supported
	GL_EXT_vertex_array_bgra	Not Supported
	GL_EXT_vertex_array_set	Not Supported
	GL_EXT_vertex_array_setXXX	Not Supported
	GL_EXT_vertex_attrib_64bit	Not Supported
	GL_EXT_vertex_shader	Not Supported
	GL_EXT_vertex_weighting	Not Supported
	GL_EXT_x11_sync_object	Not Supported
	GL_EXTX_framebuffer_mixed_formats	Not Supported
	GL_EXTX_packed_depth_stencil	Not Supported
	GL_FGL_lock_texture	Not Supported
	GL_FJ_shader_binary_GCCSO	Not Supported
	GL_GL2_geometry_shader	Not Supported
	GL_GREMEDY_frame_terminator	Not Supported
	GL_GREMEDY_string_marker	Not Supported
	GL_HP_convolution_border_modes	Not Supported
	GL_HP_image_transform	Not Supported
	GL_HP_occlusion_test	Not Supported
	GL_HP_texture_lighting	Not Supported
	GL_I3D_argb	Not Supported
	GL_I3D_color_clamp	Not Supported
	GL_I3D_interlace_read	Not Supported
	GL_IBM_clip_check	Not Supported
	GL_IBM_cull_vertex	Not Supported
	GL_IBM_load_named_matrix	Not Supported
	GL_IBM_multi_draw_arrays	Not Supported
	GL_IBM_multimode_draw_arrays	Not Supported
	GL_IBM_occlusion_cull	Not Supported
	GL_IBM_pixel_filter_hint	Not Supported
	GL_IBM_rasterpos_clip	Not Supported
	GL_IBM_rescale_normal	Not Supported
	GL_IBM_static_data	Not Supported
	GL_IBM_texture_clamp_nodraw	Not Supported
	GL_IBM_texture_mirrored_repeat	Supported
	GL_IBM_vertex_array_lists	Not Supported
	GL_IBM_YCbCr	Not Supported
	GL_IMG_multisampled_render_to_texture	Not Supported
	GL_IMG_program_binary	Not Supported
	GL_IMG_read_format	Not Supported
	GL_IMG_sgx_binary	Not Supported
	GL_IMG_shader_binary	Not Supported
	GL_IMG_texture_compression_pvrtc	Not Supported
	GL_IMG_texture_compression_pvrtc2	Not Supported
	GL_IMG_texture_env_enhanced_fixed_function	Not Supported
	GL_IMG_texture_format_BGRA8888	Not Supported
	GL_IMG_user_clip_plane	Not Supported
	GL_IMG_vertex_program	Not Supported
	GL_INGR_blend_func_separate	Not Supported
	GL_INGR_color_clamp	Not Supported
	GL_INGR_interlace_read	Not Supported
	GL_INGR_multiple_palette	Not Supported
	GL_INTEL_compute_shader_lane_shift	Not Supported
	GL_INTEL_conservative_rasterization	Not Supported
	GL_INTEL_fragment_shader_ordering	Supported
	GL_INTEL_fragment_shader_span_sharing	Not Supported
	GL_INTEL_image_serialize	Not Supported
	GL_INTEL_map_texture	Supported
	GL_INTEL_multi_rate_fragment_shader	Not Supported
	GL_INTEL_parallel_arrays	Not Supported
	GL_INTEL_performance_queries	Not Supported
	GL_INTEL_performance_query	Supported
	GL_INTEL_texture_scissor	Not Supported
	GL_KHR_blend_equation_advanced	Supported
	GL_KHR_blend_equation_advanced_coherent	Not Supported
	GL_KHR_context_flush_control	Not Supported
	GL_KHR_debug	Supported
	GL_KHR_robust_buffer_access_behavior	Not Supported
	GL_KHR_robustness	Not Supported
	GL_KHR_texture_compression_astc_hdr	Not Supported
	GL_KHR_texture_compression_astc_ldr	Supported
	GL_KTX_buffer_region	Not Supported
	GL_MESA_pack_invert	Not Supported
	GL_MESA_program_debug	Not Supported
	GL_MESA_resize_buffers	Not Supported
	GL_MESA_texture_array	Not Supported
	GL_MESA_texture_signed_rgba	Not Supported
	GL_MESA_window_pos	Not Supported
	GL_MESA_ycbcr_texture	Not Supported
	GL_MESAX_texture_float	Not Supported
	GL_MESAX_texture_stack	Not Supported
	GL_MTX_fragment_shader	Not Supported
	GL_MTX_precision_dpi	Not Supported
	GL_NV_3dvision_settings	Not Supported
	GL_NV_alpha_test	Not Supported
	GL_NV_bgr	Not Supported
	GL_NV_bindless_multi_draw_indirect	Not Supported
	GL_NV_bindless_multi_draw_indirect_count	Not Supported
	GL_NV_bindless_texture	Not Supported
	GL_NV_blend_equation_advanced	Not Supported
	GL_NV_blend_equation_advanced_coherent	Not Supported
	GL_NV_blend_minmax	Not Supported
	GL_NV_blend_square	Supported
	GL_NV_centroid_sample	Not Supported
	GL_NV_command_list	Not Supported
	GL_NV_complex_primitives	Not Supported
	GL_NV_compute_program5	Not Supported
	GL_NV_conditional_render	Supported
	GL_NV_conservative_raster	Not Supported
	GL_NV_copy_buffer	Not Supported
	GL_NV_copy_depth_to_color	Not Supported
	GL_NV_copy_image	Not Supported
	GL_NV_coverage_sample	Not Supported
	GL_NV_deep_texture3D	Not Supported
	GL_NV_depth_buffer_float	Not Supported
	GL_NV_depth_clamp	Not Supported
	GL_NV_depth_nonlinear	Not Supported
	GL_NV_depth_range_unclamped	Not Supported
	GL_NV_draw_buffers	Not Supported
	GL_NV_draw_instanced	Not Supported
	GL_NV_draw_texture	Not Supported
	GL_NV_EGL_stream_consumer_external	Not Supported
	GL_NV_ES1_1_compatibility	Not Supported
	GL_NV_ES3_1_compatibility	Not Supported
	GL_NV_evaluators	Not Supported
	GL_NV_explicit_attrib_location	Not Supported
	GL_NV_explicit_multisample	Not Supported
	GL_NV_fbo_color_attachments	Not Supported
	GL_NV_fence	Not Supported
	GL_NV_fill_rectangle	Not Supported
	GL_NV_float_buffer	Not Supported
	GL_NV_fog_distance	Not Supported
	GL_NV_fragdepth	Not Supported
	GL_NV_fragment_coverage_to_color	Not Supported
	GL_NV_fragment_program	Not Supported
	GL_NV_fragment_program_option	Not Supported
	GL_NV_fragment_program2	Not Supported
	GL_NV_fragment_program4	Not Supported
	GL_NV_fragment_shader_interlock	Not Supported
	GL_NV_framebuffer_blit	Not Supported
	GL_NV_framebuffer_mixed_samples	Not Supported
	GL_NV_framebuffer_multisample	Not Supported
	GL_NV_framebuffer_multisample_coverage	Not Supported
	GL_NV_framebuffer_multisample_ex	Not Supported
	GL_NV_generate_mipmap_sRGB	Not Supported
	GL_NV_geometry_program4	Not Supported
	GL_NV_geometry_shader_passthrough	Not Supported
	GL_NV_geometry_shader4	Not Supported
	GL_NV_gpu_program_fp64	Not Supported
	GL_NV_gpu_program4	Not Supported
	GL_NV_gpu_program4_1	Not Supported
	GL_NV_gpu_program5	Not Supported
	GL_NV_gpu_program5_mem_extended	Not Supported
	GL_NV_gpu_shader5	Not Supported
	GL_NV_half_float	Not Supported
	GL_NV_instanced_arrays	Not Supported
	GL_NV_internalformat_sample_query	Not Supported
	GL_NV_light_max_exponent	Not Supported
	GL_NV_multisample_coverage	Not Supported
	GL_NV_multisample_filter_hint	Not Supported
	GL_NV_non_square_matrices	Not Supported
	GL_NV_occlusion_query	Not Supported
	GL_NV_pack_subimage	Not Supported
	GL_NV_packed_depth_stencil	Not Supported
	GL_NV_packed_float	Not Supported
	GL_NV_packed_float_linear	Not Supported
	GL_NV_parameter_buffer_object	Not Supported
	GL_NV_parameter_buffer_object2	Not Supported
	GL_NV_path_rendering	Not Supported
	GL_NV_path_rendering_shared_edge	Not Supported
	GL_NV_pixel_buffer_object	Not Supported
	GL_NV_pixel_data_range	Not Supported
	GL_NV_platform_binary	Not Supported
	GL_NV_point_sprite	Not Supported
	GL_NV_present_video	Not Supported
	GL_NV_primitive_restart	Supported
	GL_NV_read_buffer	Not Supported
	GL_NV_read_buffer_front	Not Supported
	GL_NV_read_depth	Not Supported
	GL_NV_read_depth_stencil	Not Supported
	GL_NV_read_stencil	Not Supported
	GL_NV_register_combiners	Not Supported
	GL_NV_register_combiners2	Not Supported
	GL_NV_sample_locations	Not Supported
	GL_NV_sample_mask_override_coverage	Not Supported
	GL_NV_shader_atomic_counters	Not Supported
	GL_NV_shader_atomic_float	Not Supported
	GL_NV_shader_atomic_fp16_vector	Not Supported
	GL_NV_shader_atomic_int64	Not Supported
	GL_NV_shader_buffer_load	Not Supported
	GL_NV_shader_buffer_store	Not Supported
	GL_NV_shader_storage_buffer_object	Not Supported
	GL_NV_shader_thread_group	Not Supported
	GL_NV_shader_thread_shuffle	Not Supported
	GL_NV_shadow_samplers_array	Not Supported
	GL_NV_shadow_samplers_cube	Not Supported
	GL_NV_sRGB_formats	Not Supported
	GL_NV_tessellation_program5	Not Supported
	GL_NV_texgen_emboss	Not Supported
	GL_NV_texgen_reflection	Supported
	GL_NV_texture_array	Not Supported
	GL_NV_texture_barrier	Not Supported
	GL_NV_texture_border_clamp	Not Supported
	GL_NV_texture_compression_latc	Not Supported
	GL_NV_texture_compression_s3tc	Not Supported
	GL_NV_texture_compression_s3tc_update	Not Supported
	GL_NV_texture_compression_vtc	Not Supported
	GL_NV_texture_env_combine4	Not Supported
	GL_NV_texture_expand_normal	Not Supported
	GL_NV_texture_lod_clamp	Not Supported
	GL_NV_texture_multisample	Not Supported
	GL_NV_texture_npot_2D_mipmap	Not Supported
	GL_NV_texture_rectangle	Not Supported
	GL_NV_texture_shader	Not Supported
	GL_NV_texture_shader2	Not Supported
	GL_NV_texture_shader3	Not Supported
	GL_NV_timer_query	Not Supported
	GL_NV_transform_feedback	Not Supported
	GL_NV_transform_feedback2	Not Supported
	GL_NV_uniform_buffer_unified_memory	Not Supported
	GL_NV_vdpau_interop	Not Supported
	GL_NV_vertex_array_range	Not Supported
	GL_NV_vertex_array_range2	Not Supported
	GL_NV_vertex_attrib_64bit	Not Supported
	GL_NV_vertex_attrib_integer_64bit	Not Supported
	GL_NV_vertex_buffer_unified_memory	Not Supported
	GL_NV_vertex_program	Not Supported
	GL_NV_vertex_program1_1	Not Supported
	GL_NV_vertex_program2	Not Supported
	GL_NV_vertex_program2_option	Not Supported
	GL_NV_vertex_program3	Not Supported
	GL_NV_vertex_program4	Not Supported
	GL_NV_video_capture	Not Supported
	GL_NV_viewport_array2	Not Supported
	GL_NVX_conditional_render	Not Supported
	GL_NVX_flush_hold	Not Supported
	GL_NVX_gpu_memory_info	Not Supported
	GL_NVX_instanced_arrays	Not Supported
	GL_NVX_nvenc_interop	Not Supported
	GL_NVX_shader_thread_group	Not Supported
	GL_NVX_shader_thread_shuffle	Not Supported
	GL_NVX_shared_sync_object	Not Supported
	GL_NVX_sysmem_buffer	Not Supported
	GL_NVX_ycrcb	Not Supported
	GL_OES_blend_equation_separate	Not Supported
	GL_OES_blend_func_separate	Not Supported
	GL_OES_blend_subtract	Not Supported
	GL_OES_byte_coordinates	Not Supported
	GL_OES_compressed_EAC_R11_signed_texture	Not Supported
	GL_OES_compressed_EAC_R11_unsigned_texture	Not Supported
	GL_OES_compressed_EAC_RG11_signed_texture	Not Supported
	GL_OES_compressed_EAC_RG11_unsigned_texture	Not Supported
	GL_OES_compressed_ETC1_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture	Not Supported
	GL_OES_compressed_ETC2_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_alpha8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_texture	Not Supported
	GL_OES_compressed_paletted_texture	Not Supported
	GL_OES_conditional_query	Not Supported
	GL_OES_depth_texture	Not Supported
	GL_OES_depth_texture_cube_map	Not Supported
	GL_OES_depth24	Not Supported
	GL_OES_depth32	Not Supported
	GL_OES_draw_texture	Not Supported
	GL_OES_EGL_image	Not Supported
	GL_OES_EGL_image_external	Not Supported
	GL_OES_EGL_sync	Not Supported
	GL_OES_element_index_uint	Not Supported
	GL_OES_extended_matrix_palette	Not Supported
	GL_OES_fbo_render_mipmap	Not Supported
	GL_OES_fixed_point	Not Supported
	GL_OES_fragment_precision_high	Not Supported
	GL_OES_framebuffer_object	Not Supported
	GL_OES_get_program_binary	Not Supported
	GL_OES_mapbuffer	Not Supported
	GL_OES_matrix_get	Not Supported
	GL_OES_matrix_palette	Not Supported
	GL_OES_packed_depth_stencil	Not Supported
	GL_OES_point_size_array	Not Supported
	GL_OES_point_sprite	Not Supported
	GL_OES_query_matrix	Not Supported
	GL_OES_read_format	Not Supported
	GL_OES_required_internalformat	Not Supported
	GL_OES_rgb8_rgba8	Not Supported
	GL_OES_sample_shading	Not Supported
	GL_OES_sample_variables	Not Supported
	GL_OES_shader_image_atomic	Not Supported
	GL_OES_shader_multisample_interpolation	Not Supported
	GL_OES_single_precision	Not Supported
	GL_OES_standard_derivatives	Not Supported
	GL_OES_stencil_wrap	Not Supported
	GL_OES_stencil1	Not Supported
	GL_OES_stencil4	Not Supported
	GL_OES_stencil8	Not Supported
	GL_OES_surfaceless_context	Not Supported
	GL_OES_texture_3D	Not Supported
	GL_OES_texture_compression_astc	Not Supported
	GL_OES_texture_cube_map	Not Supported
	GL_OES_texture_env_crossbar	Not Supported
	GL_OES_texture_float	Not Supported
	GL_OES_texture_float_linear	Not Supported
	GL_OES_texture_half_float	Not Supported
	GL_OES_texture_half_float_linear	Not Supported
	GL_OES_texture_mirrored_repeat	Not Supported
	GL_OES_texture_npot	Not Supported
	GL_OES_texture_stencil8	Not Supported
	GL_OES_texture_storage_multisample_2d_array	Not Supported
	GL_OES_vertex_array_object	Not Supported
	GL_OES_vertex_half_float	Not Supported
	GL_OES_vertex_type_10_10_10_2	Not Supported
	GL_OML_interlace	Not Supported
	GL_OML_resample	Not Supported
	GL_OML_subsample	Not Supported
	GL_PGI_misc_hints	Not Supported
	GL_PGI_vertex_hints	Not Supported
	GL_QCOM_alpha_test	Not Supported
	GL_QCOM_binning_control	Not Supported
	GL_QCOM_driver_control	Not Supported
	GL_QCOM_extended_get	Not Supported
	GL_QCOM_extended_get2	Not Supported
	GL_QCOM_perfmon_global_mode	Not Supported
	GL_QCOM_tiled_rendering	Not Supported
	GL_QCOM_writeonly_rendering	Not Supported
	GL_REND_screen_coordinates	Not Supported
	GL_S3_performance_analyzer	Not Supported
	GL_S3_s3tc	Not Supported
	GL_SGI_color_matrix	Not Supported
	GL_SGI_color_table	Not Supported
	GL_SGI_compiled_vertex_array	Not Supported
	GL_SGI_cull_vertex	Not Supported
	GL_SGI_index_array_formats	Not Supported
	GL_SGI_index_func	Not Supported
	GL_SGI_index_material	Not Supported
	GL_SGI_index_texture	Not Supported
	GL_SGI_make_current_read	Not Supported
	GL_SGI_texture_add_env	Not Supported
	GL_SGI_texture_color_table	Not Supported
	GL_SGI_texture_edge_clamp	Not Supported
	GL_SGI_texture_lod	Not Supported
	GL_SGIS_color_range	Not Supported
	GL_SGIS_detail_texture	Not Supported
	GL_SGIS_fog_function	Not Supported
	GL_SGIS_generate_mipmap	Supported
	GL_SGIS_multisample	Not Supported
	GL_SGIS_multitexture	Not Supported
	GL_SGIS_pixel_texture	Not Supported
	GL_SGIS_point_line_texgen	Not Supported
	GL_SGIS_sharpen_texture	Not Supported
	GL_SGIS_texture_border_clamp	Not Supported
	GL_SGIS_texture_color_mask	Not Supported
	GL_SGIS_texture_edge_clamp	Supported
	GL_SGIS_texture_filter4	Not Supported
	GL_SGIS_texture_lod	Supported
	GL_SGIS_texture_select	Not Supported
	GL_SGIS_texture4D	Not Supported
	GL_SGIX_async	Not Supported
	GL_SGIX_async_histogram	Not Supported
	GL_SGIX_async_pixel	Not Supported
	GL_SGIX_blend_alpha_minmax	Not Supported
	GL_SGIX_clipmap	Not Supported
	GL_SGIX_convolution_accuracy	Not Supported
	GL_SGIX_depth_pass_instrument	Not Supported
	GL_SGIX_depth_texture	Not Supported
	GL_SGIX_flush_raster	Not Supported
	GL_SGIX_fog_offset	Not Supported
	GL_SGIX_fog_texture	Not Supported
	GL_SGIX_fragment_specular_lighting	Not Supported
	GL_SGIX_framezoom	Not Supported
	GL_SGIX_instruments	Not Supported
	GL_SGIX_interlace	Not Supported
	GL_SGIX_ir_instrument1	Not Supported
	GL_SGIX_list_priority	Not Supported
	GL_SGIX_pbuffer	Not Supported
	GL_SGIX_pixel_texture	Not Supported
	GL_SGIX_pixel_texture_bits	Not Supported
	GL_SGIX_reference_plane	Not Supported
	GL_SGIX_resample	Not Supported
	GL_SGIX_shadow	Not Supported
	GL_SGIX_shadow_ambient	Not Supported
	GL_SGIX_sprite	Not Supported
	GL_SGIX_subsample	Not Supported
	GL_SGIX_tag_sample_buffer	Not Supported
	GL_SGIX_texture_add_env	Not Supported
	GL_SGIX_texture_coordinate_clamp	Not Supported
	GL_SGIX_texture_lod_bias	Not Supported
	GL_SGIX_texture_multi_buffer	Not Supported
	GL_SGIX_texture_range	Not Supported
	GL_SGIX_texture_scale_bias	Not Supported
	GL_SGIX_vertex_preclip	Not Supported
	GL_SGIX_vertex_preclip_hint	Not Supported
	GL_SGIX_ycrcb	Not Supported
	GL_SGIX_ycrcb_subsample	Not Supported
	GL_SUN_convolution_border_modes	Not Supported
	GL_SUN_global_alpha	Not Supported
	GL_SUN_mesh_array	Not Supported
	GL_SUN_multi_draw_arrays	Supported
	GL_SUN_read_video_pixels	Not Supported
	GL_SUN_slice_accum	Not Supported
	GL_SUN_triangle_list	Not Supported
	GL_SUN_vertex	Not Supported
	GL_SUNX_constant_data	Not Supported
	GL_VIV_shader_binary	Not Supported
	GL_WGL_ARB_extensions_string	Not Supported
	GL_WGL_EXT_extensions_string	Not Supported
	GL_WGL_EXT_swap_control	Not Supported
	GL_WIN_phong_shading	Not Supported
	GL_WIN_specular_fog	Not Supported
	GL_WIN_swap_hint	Supported
	GLU_EXT_nurbs_tessellator	Not Supported
	GLU_EXT_object_space_tess	Not Supported
	GLU_SGI_filter4_parameters	Not Supported
	GLX_AMD_gpu_association	Not Supported
	GLX_ARB_create_context	Not Supported
	GLX_ARB_create_context_profile	Not Supported
	GLX_ARB_create_context_robustness	Not Supported
	GLX_ARB_fbconfig_float	Not Supported
	GLX_ARB_framebuffer_sRGB	Not Supported
	GLX_ARB_get_proc_address	Not Supported
	GLX_ARB_multisample	Not Supported
	GLX_ARB_robustness_application_isolation	Not Supported
	GLX_ARB_robustness_share_group_isolation	Not Supported
	GLX_ARB_vertex_buffer_object	Not Supported
	GLX_EXT_buffer_age	Not Supported
	GLX_EXT_create_context_es_profile	Not Supported
	GLX_EXT_create_context_es2_profile	Not Supported
	GLX_EXT_fbconfig_packed_float	Not Supported
	GLX_EXT_framebuffer_sRGB	Not Supported
	GLX_EXT_import_context	Not Supported
	GLX_EXT_scene_marker	Not Supported
	GLX_EXT_swap_control	Not Supported
	GLX_EXT_swap_control_tear	Not Supported
	GLX_EXT_texture_from_pixmap	Not Supported
	GLX_EXT_visual_info	Not Supported
	GLX_EXT_visual_rating	Not Supported
	GLX_INTEL_swap_event	Not Supported
	GLX_MESA_agp_offset	Not Supported
	GLX_MESA_copy_sub_buffer	Not Supported
	GLX_MESA_multithread_makecurrent	Not Supported
	GLX_MESA_pixmap_colormap	Not Supported
	GLX_MESA_query_renderer	Not Supported
	GLX_MESA_release_buffers	Not Supported
	GLX_MESA_set_3dfx_mode	Not Supported
	GLX_MESA_swap_control	Not Supported
	GLX_NV_copy_image	Not Supported
	GLX_NV_delay_before_swap	Not Supported
	GLX_NV_float_buffer	Not Supported
	GLX_NV_multisample_coverage	Not Supported
	GLX_NV_present_video	Not Supported
	GLX_NV_swap_group	Not Supported
	GLX_NV_video_capture	Not Supported
	GLX_NV_video_out	Not Supported
	GLX_NV_video_output	Not Supported
	GLX_OML_interlace	Not Supported
	GLX_OML_swap_method	Not Supported
	GLX_OML_sync_control	Not Supported
	GLX_SGI_cushion	Not Supported
	GLX_SGI_make_current_read	Not Supported
	GLX_SGI_swap_control	Not Supported
	GLX_SGI_video_sync	Not Supported
	GLX_SGIS_blended_overlay	Not Supported
	GLX_SGIS_color_range	Not Supported
	GLX_SGIS_multisample	Not Supported
	GLX_SGIX_dm_buffer	Not Supported
	GLX_SGIX_fbconfig	Not Supported
	GLX_SGIX_hyperpipe	Not Supported
	GLX_SGIX_pbuffer	Not Supported
	GLX_SGIX_swap_barrier	Not Supported
	GLX_SGIX_swap_group	Not Supported
	GLX_SGIX_video_resize	Not Supported
	GLX_SGIX_video_source	Not Supported
	GLX_SGIX_visual_select_group	Not Supported
	GLX_SUN_get_transparent_index	Not Supported
	GLX_SUN_video_resize	Not Supported
	WGL_3DFX_gamma_control	Not Supported
	WGL_3DFX_multisample	Not Supported
	WGL_3DL_stereo_control	Not Supported
	WGL_AMD_gpu_association	Not Supported
	WGL_AMDX_gpu_association	Not Supported
	WGL_ARB_buffer_region	Supported
	WGL_ARB_context_flush_control	Not Supported
	WGL_ARB_create_context	Supported
	WGL_ARB_create_context_profile	Supported
	WGL_ARB_create_context_robustness	Supported
	WGL_ARB_extensions_string	Supported
	WGL_ARB_framebuffer_sRGB	Supported
	WGL_ARB_make_current_read	Supported
	WGL_ARB_multisample	Supported
	WGL_ARB_pbuffer	Supported
	WGL_ARB_pixel_format	Supported
	WGL_ARB_pixel_format_float	Supported
	WGL_ARB_render_texture	Not Supported
	WGL_ARB_robustness_application_isolation	Not Supported
	WGL_ARB_robustness_share_group_isolation	Not Supported
	WGL_ATI_pbuffer_memory_hint	Not Supported
	WGL_ATI_pixel_format_float	Not Supported
	WGL_ATI_render_texture_rectangle	Not Supported
	WGL_EXT_buffer_region	Not Supported
	WGL_EXT_create_context_es_profile	Supported
	WGL_EXT_create_context_es2_profile	Supported
	WGL_EXT_depth_float	Supported
	WGL_EXT_display_color_table	Not Supported
	WGL_EXT_extensions_string	Supported
	WGL_EXT_framebuffer_sRGB	Not Supported
	WGL_EXT_framebuffer_sRGBWGL_ARB_create_context	Not Supported
	WGL_EXT_gamma_control	Not Supported
	WGL_EXT_make_current_read	Not Supported
	WGL_EXT_multisample	Not Supported
	WGL_EXT_pbuffer	Not Supported
	WGL_EXT_pixel_format	Not Supported
	WGL_EXT_pixel_format_packed_float	Supported
	WGL_EXT_render_texture	Not Supported
	WGL_EXT_swap_control	Supported
	WGL_EXT_swap_control_tear	Supported
	WGL_EXT_swap_interval	Not Supported
	WGL_I3D_digital_video_control	Not Supported
	WGL_I3D_gamma	Not Supported
	WGL_I3D_genlock	Not Supported
	WGL_I3D_image_buffer	Not Supported
	WGL_I3D_swap_frame_lock	Not Supported
	WGL_I3D_swap_frame_usage	Not Supported
	WGL_MTX_video_preview	Not Supported
	WGL_NV_copy_image	Not Supported
	WGL_NV_delay_before_swap	Not Supported
	WGL_NV_DX_interop	Supported
	WGL_NV_DX_interop2	Not Supported
	WGL_NV_float_buffer	Not Supported
	WGL_NV_gpu_affinity	Not Supported
	WGL_NV_multisample_coverage	Not Supported
	WGL_NV_present_video	Not Supported
	WGL_NV_render_depth_texture	Not Supported
	WGL_NV_render_texture_rectangle	Not Supported
	WGL_NV_swap_group	Not Supported
	WGL_NV_texture_rectangle	Not Supported
	WGL_NV_vertex_array_range	Not Supported
	WGL_NV_video_capture	Not Supported
	WGL_NV_video_output	Not Supported
	WGL_NVX_DX_interop	Not Supported
	WGL_OML_sync_control	Not Supported
	WGL_S3_cl_sharingWGL_ARB_create_context_profile	Not Supported

Supported Compressed Texture Formats:
	RGB DXT1	Supported
	RGBA DXT1	Supported
	RGBA DXT3	Supported
	RGBA DXT5	Supported
	RGB FXT1	Supported
	RGBA FXT1	Supported
	3Dc	Not Supported

Video Adapter Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://www.intel.com/products/chipsets
	Driver Download	http://support.intel.com/support/graphics
	Driver Update	http://www.aida64.com/driver-updates

GPGPU


[ Direct3D: Intel(R) HD Graphics ]

	Device Properties:
		Device Name	Intel(R) HD Graphics
		PCI Device	8086-22B0 / 1043-1BDD (Rev 20)
		Dedicated Memory	130 MB
		Driver Name	igdumdim32.dll
		Driver Version	10.18.15.4256
		Shader Model	SM 5.1
		Max Threads	1024
		Multiple UAV Access	64 UAVs
		Thread Dispatch	3D
		Thread Local Storage	32 KB

	Device Features:
		10-bit Precision Floating-Point	Not Supported
		16-bit Precision Floating-Point	Supported
		Append/Consume Buffers	Supported
		Atomic Operations	Supported
		Double-Precision Floating-Point	Supported
		Gather4	Supported
		Indirect Compute Dispatch	Supported
		Map On Default Buffers	Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ OpenCL: Intel(R) HD Graphics ]

	OpenCL Properties:
		Platform Name	Intel(R) OpenCL
		Platform Vendor	Intel(R) Corporation
		Platform Version	OpenCL 1.2
		Platform Profile	Full

	Device Properties:
		Device Name	Intel(R) HD Graphics
		Device Type	GPU
		Device Vendor	Intel(R) Corporation
		Device Version	OpenCL 1.2
		Device Profile	Full
		Driver Version	10.18.15.4256
		OpenCL C Version	OpenCL C 1.2
		Supported Built-In Kernels	block_motion_estimate_intel; block_advanced_motion_estimate_check_intel
		Supported SPIR Versions	1.2
		Clock Rate	600 MHz
		Compute Units / Cores	12 / 48
		Address Space Size	32-bit
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	12738688
		Max Samplers	16
		Max Work-Item Size	256 x 256 x 256
		Max Work-Group Size	256
		Max Argument Size	1 KB
		Max Constant Buffer Size	64 KB
		Max Constant Arguments	8
		Max Printf Buffer Size	4 MB
		Native ISA Vector Widths	char1, short1, int1, half1, float1
		Preferred Native Vector Widths	char1, short1, int1, long1, half1, float1
		Profiling Timer Resolution	80 ns
		OpenCL DLL	opencl.dll (2.0.2.0)

	Memory Properties:
		Global Memory	777 MB
		Global Memory Cache	256 KB (Read/Write, 64-byte line)
		Local Memory	64 KB
		Max Memory Object Allocation Size	199042 KB
		Memory Base Address Alignment	1024-bit
		Min Data Type Alignment	128 bytes
		Image Row Pitch Alignment	4 pixels
		Image Base Address Alignment	4 pixels

	OpenCL Compliancy:
		OpenCL 1.1	Yes (100%)
		OpenCL 1.2	Yes (100%)
		OpenCL 2.0	Yes (100%)

	Device Features:
		Command-Queue Out Of Order Execution	Disabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Little-Endian Device	Yes
		Native Kernel Execution	Not Supported
		SVM Atomics	Not Supported
		SVM Coarse Grain Buffer	Not Supported
		SVM Fine Grain Buffer	Not Supported
		SVM Fine Grain System	Not Supported
		Thread Trace	Not Supported
		Unified Memory	Yes

	Half-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Single-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Supported
		Denorms	Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Double-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	90 / 26
		cl_altera_compiler_mode	Not Supported
		cl_altera_device_temperature	Not Supported
		cl_altera_live_object_tracking	Not Supported
		cl_amd_bus_addressable_memory	Not Supported
		cl_amd_c1x_atomics	Not Supported
		cl_amd_compile_options	Not Supported
		cl_amd_core_id	Not Supported
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Not Supported
		cl_amd_device_board_name	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_device_persistent_memory	Not Supported
		cl_amd_device_profiling_timer_offset	Not Supported
		cl_amd_device_topology	Not Supported
		cl_amd_event_callback	Not Supported
		cl_amd_fp64	Not Supported
		cl_amd_hsa	Not Supported
		cl_amd_image2d_from_buffer_read_only	Not Supported
		cl_amd_media_ops	Not Supported
		cl_amd_media_ops2	Not Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Not Supported
		cl_amd_predefined_macros	Not Supported
		cl_amd_printf	Not Supported
		cl_amd_svm	Not Supported
		cl_amd_vec3	Not Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_arm_core_id	Not Supported
		cl_arm_printf	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Not Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_accelerator	Supported
		cl_intel_advanced_motion_estimation	Supported
		cl_intel_ctz	Supported
		cl_intel_d3d11_nv12_media_sharing	Supported
		cl_intel_device_partition_by_names	Not Supported
		cl_intel_dx9_media_sharing	Supported
		cl_intel_exec_by_local_thread	Not Supported
		cl_intel_motion_estimation	Supported
		cl_intel_printf	Not Supported
		cl_intel_simultaneous_sharing	Supported
		cl_intel_subgroups	Supported
		cl_intel_thread_local_exec	Not Supported
		cl_intel_va_api_media_sharing	Not Supported
		cl_intel_visual_analytics	Not Supported
		cl_khr_3d_image_writes	Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_context_abort	Not Supported
		cl_khr_d3d10_sharing	Supported
		cl_khr_d3d11_sharing	Supported
		cl_khr_depth_images	Supported
		cl_khr_dx9_media_sharing	Supported
		cl_khr_egl_event	Not Supported
		cl_khr_egl_image	Not Supported
		cl_khr_fp16	Supported
		cl_khr_fp64	Not Supported
		cl_khr_gl_depth_images	Supported
		cl_khr_gl_event	Supported
		cl_khr_gl_msaa_sharing	Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Supported
		cl_khr_image2d_from_buffer	Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Not Supported
		cl_khr_int64_extended_atomics	Not Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_mipmap_image	Not Supported
		cl_khr_mipmap_image_writes	Not Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Supported
		cl_khr_srgb_image_writes	Not Supported
		cl_khr_subgroups	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_copy_opts	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported
		cl_qcom_ext_host_ptr	Not Supported
		cl_qcom_ion_host_ptr	Not Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ OpenCL: Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	OpenCL Properties:
		Platform Name	Intel(R) OpenCL
		Platform Vendor	Intel(R) Corporation
		Platform Version	OpenCL 1.2
		Platform Profile	Full

	Device Properties:
		Device Name	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Device Type	CPU
		Device Vendor	Intel(R) Corporation
		Device Version	OpenCL 1.2 (Build 10049)
		Device Profile	Full
		Driver Version	5.2.0.10049
		OpenCL C Version	OpenCL C 1.2
		Supported SPIR Versions	1.2
		Clock Rate	1440 MHz
		Compute Units	4
		Address Space Size	32-bit
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	32174400
		Max Samplers	480
		Max Work-Item Size	8192 x 8192 x 8192
		Max Work-Group Size	8192
		Max Global Variable Size	64 KB
		Preferred Global Variables Total Size	64 KB
		Max Argument Size	3840 bytes
		Max Constant Buffer Size	128 KB
		Max Constant Arguments	480
		Max Pipe Arguments	16
		Max Printf Buffer Size	1 MB
		Native ISA Vector Widths	char16, short8, int2, float4
		Preferred Native Vector Widths	char1, short1, int1, long1, float1
		Profiling Timer Resolution	711 ns
		OpenCL DLL	opencl.dll (2.0.2.0)

	Memory Properties:
		Global Memory	1963 MB
		Global Memory Cache	1024 KB (Read/Write, 64-byte line)
		Local Memory	32 KB
		Max Memory Object Allocation Size	502725 KB
		Memory Base Address Alignment	1024-bit
		Min Data Type Alignment	128 bytes
		Image Row Pitch Alignment	64 pixels
		Image Base Address Alignment	64 pixels
		Preferred Platform Atomic Alignment	64 bytes
		Preferred Global Atomic Alignment	64 bytes

	OpenCL Compliancy:
		OpenCL 1.1	Yes (100%)
		OpenCL 1.2	Yes (100%)
		OpenCL 2.0	No (87%)

	Device Features:
		Command-Queue Out Of Order Execution	Enabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Little-Endian Device	Yes
		Native Kernel Execution	Supported
		SVM Atomics	Supported
		SVM Coarse Grain Buffer	Supported
		SVM Fine Grain Buffer	Supported
		SVM Fine Grain System	Supported
		Thread Trace	Not Supported
		Unified Memory	Yes

	Half-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Single-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Double-Precision Floating-Point Capabilities:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	90 / 14
		cl_altera_compiler_mode	Not Supported
		cl_altera_device_temperature	Not Supported
		cl_altera_live_object_tracking	Not Supported
		cl_amd_bus_addressable_memory	Not Supported
		cl_amd_c1x_atomics	Not Supported
		cl_amd_compile_options	Not Supported
		cl_amd_core_id	Not Supported
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Not Supported
		cl_amd_device_board_name	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_device_persistent_memory	Not Supported
		cl_amd_device_profiling_timer_offset	Not Supported
		cl_amd_device_topology	Not Supported
		cl_amd_event_callback	Not Supported
		cl_amd_fp64	Not Supported
		cl_amd_hsa	Not Supported
		cl_amd_image2d_from_buffer_read_only	Not Supported
		cl_amd_media_ops	Not Supported
		cl_amd_media_ops2	Not Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Not Supported
		cl_amd_predefined_macros	Not Supported
		cl_amd_printf	Not Supported
		cl_amd_svm	Not Supported
		cl_amd_vec3	Not Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_arm_core_id	Not Supported
		cl_arm_printf	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Not Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_accelerator	Not Supported
		cl_intel_advanced_motion_estimation	Not Supported
		cl_intel_ctz	Not Supported
		cl_intel_d3d11_nv12_media_sharing	Not Supported
		cl_intel_device_partition_by_names	Not Supported
		cl_intel_dx9_media_sharing	Supported
		cl_intel_exec_by_local_thread	Supported
		cl_intel_motion_estimation	Not Supported
		cl_intel_printf	Not Supported
		cl_intel_simultaneous_sharing	Not Supported
		cl_intel_subgroups	Not Supported
		cl_intel_thread_local_exec	Not Supported
		cl_intel_va_api_media_sharing	Not Supported
		cl_intel_visual_analytics	Not Supported
		cl_khr_3d_image_writes	Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_context_abort	Not Supported
		cl_khr_d3d10_sharing	Not Supported
		cl_khr_d3d11_sharing	Supported
		cl_khr_depth_images	Supported
		cl_khr_dx9_media_sharing	Supported
		cl_khr_egl_event	Not Supported
		cl_khr_egl_image	Not Supported
		cl_khr_fp16	Not Supported
		cl_khr_fp64	Not Supported
		cl_khr_gl_depth_images	Not Supported
		cl_khr_gl_event	Not Supported
		cl_khr_gl_msaa_sharing	Not Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Supported
		cl_khr_image2d_from_buffer	Not Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Not Supported
		cl_khr_int64_extended_atomics	Not Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_mipmap_image	Not Supported
		cl_khr_mipmap_image_writes	Not Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Supported
		cl_khr_srgb_image_writes	Not Supported
		cl_khr_subgroups	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_copy_opts	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported
		cl_qcom_ext_host_ptr	Not Supported
		cl_qcom_ion_host_ptr	Not Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
@Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
@Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
@Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
@Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
@Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@NSimSun	Modern	Regular	Western	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
@Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
@Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
@Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
@Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
@Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
@Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
@Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Western	31 x 41	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
Arial Black	Swiss	Regular	Central European	18 x 45	90 %
Arial Black	Swiss	Regular	Cyrillic	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
Arial Black	Swiss	Regular	Turkish	18 x 45	90 %
Arial Black	Swiss	Regular	Western	18 x 45	90 %
Arial	Swiss	Regular	Arabic	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
Arial	Swiss	Regular	Central European	14 x 36	40 %
Arial	Swiss	Regular	Cyrillic	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
Arial	Swiss	Regular	Hebrew	14 x 36	40 %
Arial	Swiss	Regular	Turkish	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
Arial	Swiss	Regular	Western	14 x 36	40 %
Calibri Light	Swiss	Regular	Baltic	17 x 39	30 %
Calibri Light	Swiss	Regular	Central European	17 x 39	30 %
Calibri Light	Swiss	Regular	Cyrillic	17 x 39	30 %
Calibri Light	Swiss	Regular	Greek	17 x 39	30 %
Calibri Light	Swiss	Regular	Turkish	17 x 39	30 %
Calibri Light	Swiss	Regular	Vietnamese	17 x 39	30 %
Calibri Light	Swiss	Regular	Western	17 x 39	30 %
Calibri	Swiss	Regular	Baltic	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
Calibri	Swiss	Regular	Greek	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
Calibri	Swiss	Regular	Vietnamese	17 x 39	40 %
Calibri	Swiss	Regular	Western	17 x 39	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
Cambria Math	Roman	Regular	Cyrillic	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
Cambria Math	Roman	Regular	Vietnamese	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
Cambria	Roman	Regular	Central European	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
Cambria	Roman	Regular	Turkish	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
Candara	Swiss	Regular	Baltic	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
Candara	Swiss	Regular	Greek	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
Candara	Swiss	Regular	Western	17 x 39	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
Comic Sans MS	Script	Regular	Central European	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
Comic Sans MS	Script	Regular	Turkish	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
Consolas	Modern	Regular	Central European	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
Consolas	Modern	Regular	Turkish	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
Constantia	Roman	Regular	Baltic	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
Constantia	Roman	Regular	Greek	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
Constantia	Roman	Regular	Western	17 x 39	40 %
Corbel	Swiss	Regular	Baltic	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
Corbel	Swiss	Regular	Cyrillic	17 x 39	40 %
Corbel	Swiss	Regular	Greek	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
Corbel	Swiss	Regular	Vietnamese	17 x 39	40 %
Corbel	Swiss	Regular	Western	17 x 39	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
Courier New	Modern	Regular	Baltic	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
Courier New	Modern	Regular	Greek	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
Courier New	Modern	Regular	Vietnamese	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier	Modern		Western	8 x 13	40 %
Ebrima	Special	Regular	Baltic	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
Ebrima	Special	Regular	Western	19 x 43	40 %
Fixedsys	Modern		Western	8 x 15	40 %
Franklin Gothic Medium	Swiss	Regular	Baltic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Greek	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
Gabriola	Decorative	Regular	Central European	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
Gabriola	Decorative	Regular	Turkish	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gadugi	Swiss	Regular	Western	18 x 43	40 %
Georgia	Roman	Regular	Baltic	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
Georgia	Roman	Regular	Cyrillic	14 x 36	40 %
Georgia	Roman	Regular	Greek	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
Georgia	Roman	Regular	Western	14 x 36	40 %
Impact	Swiss	Regular	Baltic	19 x 39	40 %
Impact	Swiss	Regular	Central European	19 x 39	40 %
Impact	Swiss	Regular	Cyrillic	19 x 39	40 %
Impact	Swiss	Regular	Greek	19 x 39	40 %
Impact	Swiss	Regular	Turkish	19 x 39	40 %
Impact	Swiss	Regular	Western	19 x 39	40 %
Javanese Text	Special	Regular	Western	26 x 73	40 %
Leelawadee UI Semilight	Swiss	Regular	Thai	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Leelawadee UI	Swiss	Regular	Thai	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Western	17 x 43	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
Lucida Console	Modern	Regular	Cyrillic	19 x 32	40 %
Lucida Console	Modern	Regular	Greek	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
Lucida Console	Modern	Regular	Western	19 x 32	40 %
Lucida Sans Unicode	Swiss	Regular	Baltic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Cyrillic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Greek	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Turkish	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Western	16 x 49	40 %
Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Microsoft Himalaya	Special	Regular	Western	13 x 32	40 %
Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
Microsoft Sans Serif	Swiss	Regular	Arabic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Cyrillic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Thai	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Western	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Modern	Modern		OEM/DOS	19 x 37	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
MS Serif	Roman		Western	5 x 13	40 %
MV Boli	Special	Regular	Western	18 x 52	40 %
Myanmar Text	Swiss	Regular	Western	18 x 60	40 %
Nirmala UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Nirmala UI	Swiss	Regular	Western	31 x 43	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
NSimSun	Modern	Regular	Western	16 x 32	40 %
Palatino Linotype	Roman	Regular	Baltic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
Palatino Linotype	Roman	Regular	Cyrillic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Greek	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
Palatino Linotype	Roman	Regular	Vietnamese	14 x 43	40 %
Palatino Linotype	Roman	Regular	Western	14 x 43	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
Script	Script		OEM/DOS	16 x 36	40 %
Segoe MDL2 Assets	Roman	Regular	Western	33 x 32	40 %
Segoe Print	Special	Regular	Baltic	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
Segoe Print	Special	Regular	Greek	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
Segoe Script	Swiss	Regular	Baltic	22 x 51	40 %
Segoe Script	Swiss	Regular	Central European	22 x 51	40 %
Segoe Script	Swiss	Regular	Cyrillic	22 x 51	40 %
Segoe Script	Swiss	Regular	Greek	22 x 51	40 %
Segoe Script	Swiss	Regular	Turkish	22 x 51	40 %
Segoe Script	Swiss	Regular	Western	22 x 51	40 %
Segoe UI Black	Swiss	Regular	Baltic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Central European	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Cyrillic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Greek	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Turkish	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Vietnamese	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Western	20 x 43	90 %
Segoe UI Emoji	Swiss	Regular	Western	23 x 43	40 %
Segoe UI Historic	Swiss	Regular	Western	27 x 43	40 %
Segoe UI Light	Swiss	Regular	Arabic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Hebrew	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	17 x 43	30 %
Segoe UI Semibold	Swiss	Regular	Arabic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Baltic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Cyrillic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Hebrew	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Turkish	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	18 x 43	60 %
Segoe UI Semilight	Swiss	Regular	Arabic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Hebrew	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Segoe UI Symbol	Swiss	Regular	Western	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
Segoe UI	Swiss	Regular	Central European	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
Segoe UI	Swiss	Regular	Hebrew	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Segoe UI	Swiss	Regular	Western	17 x 43	40 %
SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun	Special	Regular	Western	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
Sitka Banner	Special	Regular	Baltic	16 x 46	40 %
Sitka Banner	Special	Regular	Central European	16 x 46	40 %
Sitka Banner	Special	Regular	Cyrillic	16 x 46	40 %
Sitka Banner	Special	Regular	Greek	16 x 46	40 %
Sitka Banner	Special	Regular	Turkish	16 x 46	40 %
Sitka Banner	Special	Regular	Vietnamese	16 x 46	40 %
Sitka Banner	Special	Regular	Western	16 x 46	40 %
Sitka Display	Special	Regular	Baltic	17 x 46	40 %
Sitka Display	Special	Regular	Central European	17 x 46	40 %
Sitka Display	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Display	Special	Regular	Greek	17 x 46	40 %
Sitka Display	Special	Regular	Turkish	17 x 46	40 %
Sitka Display	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Display	Special	Regular	Western	17 x 46	40 %
Sitka Heading	Special	Regular	Baltic	17 x 46	40 %
Sitka Heading	Special	Regular	Central European	17 x 46	40 %
Sitka Heading	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Heading	Special	Regular	Greek	17 x 46	40 %
Sitka Heading	Special	Regular	Turkish	17 x 46	40 %
Sitka Heading	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Heading	Special	Regular	Western	17 x 46	40 %
Sitka Small	Special	Regular	Baltic	21 x 47	40 %
Sitka Small	Special	Regular	Central European	21 x 47	40 %
Sitka Small	Special	Regular	Cyrillic	21 x 47	40 %
Sitka Small	Special	Regular	Greek	21 x 47	40 %
Sitka Small	Special	Regular	Turkish	21 x 47	40 %
Sitka Small	Special	Regular	Vietnamese	21 x 47	40 %
Sitka Small	Special	Regular	Western	21 x 47	40 %
Sitka Subheading	Special	Regular	Baltic	18 x 46	40 %
Sitka Subheading	Special	Regular	Central European	18 x 46	40 %
Sitka Subheading	Special	Regular	Cyrillic	18 x 46	40 %
Sitka Subheading	Special	Regular	Greek	18 x 46	40 %
Sitka Subheading	Special	Regular	Turkish	18 x 46	40 %
Sitka Subheading	Special	Regular	Vietnamese	18 x 46	40 %
Sitka Subheading	Special	Regular	Western	18 x 46	40 %
Sitka Text	Special	Regular	Baltic	19 x 46	40 %
Sitka Text	Special	Regular	Central European	19 x 46	40 %
Sitka Text	Special	Regular	Cyrillic	19 x 46	40 %
Sitka Text	Special	Regular	Greek	19 x 46	40 %
Sitka Text	Special	Regular	Turkish	19 x 46	40 %
Sitka Text	Special	Regular	Vietnamese	19 x 46	40 %
Sitka Text	Special	Regular	Western	19 x 46	40 %
Small Fonts	Swiss		Western	1 x 3	40 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
Sylfaen	Roman	Regular	Cyrillic	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
Sylfaen	Roman	Regular	Western	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
Tahoma	Swiss	Regular	Arabic	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
Tahoma	Swiss	Regular	Cyrillic	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
Tahoma	Swiss	Regular	Thai	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
Tahoma	Swiss	Regular	Western	14 x 39	40 %
Terminal	Modern		OEM/DOS	8 x 12	40 %
Times New Roman	Roman	Regular	Arabic	13 x 35	40 %
Times New Roman	Roman	Regular	Baltic	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
Times New Roman	Roman	Regular	Cyrillic	13 x 35	40 %
Times New Roman	Roman	Regular	Greek	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
Times New Roman	Roman	Regular	Turkish	13 x 35	40 %
Times New Roman	Roman	Regular	Vietnamese	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
Trebuchet MS	Swiss	Regular	Baltic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Cyrillic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Greek	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Western	15 x 37	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
Verdana	Swiss	Regular	Central European	16 x 39	40 %
Verdana	Swiss	Regular	Cyrillic	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
Verdana	Swiss	Regular	Turkish	16 x 39	40 %
Verdana	Swiss	Regular	Vietnamese	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
Wingdings	Special	Regular	Symbol	28 x 36	40 %
Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
Yu Gothic	Swiss	Regular	Western	31 x 41	40 %

Windows Audio


Device	Identifier	Device Description
midi-out.0	0001 001B	Microsoft GS Wavetable Synth
mixer.0	0001 0068	Speakers (Intel SST Audio Devic
mixer.1	0001 0068	Microphone (Intel SST Audio Dev
wave-in.0	0001 0065	Microphone (Intel SST Audio Dev
wave-out.0	0001 0064	Speakers (Intel SST Audio Devic

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright � 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak� Codec
iyuv_32.dll	10.0.10240.16384 (th1.150709-1700)	Intel Indeo(R) Video YUV Codec
msrle32.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft RLE Compressor
msvidc32.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft Video 1 Compressor
msyuv.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft UYVY Video Decompressor
tsbyuv.dll	10.0.10240.16384 (th1.150709-1700)	Toshiba Video Codec

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Description	MCI driver for cdaudio devices
		Driver	mcicda.dll
		Status	Enabled

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	Yes
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.18709.0

Voice (SAPI5):
	Name	Microsoft David Desktop - English (United States)
	Voice Path	C:\Windows\Speech\Engines\TTS\en-US\M1033DAV
	Age	Adult
	Gender	Male
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Zira Desktop - English (United States)
	Voice Path	C:\Windows\Speech\Engines\TTS\en-US\M1033ZIR
	Age	Adult
	Gender	Female
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	English (United States); English
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United States); English (Canada); English (Philippines); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Windows Storage


[ Samsung CGND3R ]

	Device Properties:
		Driver Description	Samsung CGND3R
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf

	Device Manufacturer:
		Company Name	Samsung
		Product Information	http://www.samsung.com/us/computer/solid-state-drives

[ Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	spaceport.inf

[ SD Storage Class Controller ]

	Device Properties:
		Driver Description	SD Storage Class Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	sdstor.inf

Logical Drives


Drive	Drive Type	File System	Total Size	Used Space	Free Space	% Free	Volume Serial
C:	Local Disk	NTFS	58862 MB	22035 MB	36827 MB	63 %	A299-DFFF

Physical Drives


[ Drive #1 - CGND3R (58 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	EFI System		1 MB	260 MB
	#2	MS Reserved		261 MB	16 MB
	#3	Basic Data	C:	277 MB	58863 MB
	#4	MS Recovery		59140 MB	499 MB

Windows Network


[ Bluetooth Device (Personal Area Network) ]

	Network Adapter Properties:
		Network Adapter	Bluetooth Device (Personal Area Network)
		Interface Type	Bluetooth Ethernet
		Hardware Address	04-E6-76-43-62-CF
		Connection Name	Bluetooth Network Connection
		Connection Speed	3 Mbps
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

[ Broadcom 802.11abgn Wireless SDIO Adapter ]

	Network Adapter Properties:
		Network Adapter	Broadcom 802.11abgn Wireless SDIO Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	04-E6-76-43-62-CE
		Connection Name	Wi-Fi
		Connection Speed	150 Mbps
		MTU	1500 bytes
		DHCP Lease Obtained	27/08/2015 16:43:45
		DHCP Lease Expires	28/08/2015 16:43:45
		Bytes Received	2109418234 (2011.7 MB)
		Bytes Sent	45973586 (43.8 MB)

	Network Adapter Addresses:
		IP / Subnet Mask	192.168.1.112 / 255.255.255.0
		Gateway	192.168.1.1
		DHCP	192.168.1.1
		DNS	192.168.1.1

	Network Adapter Manufacturer:
		Company Name	Broadcom Corporation
		Product Information	http://www.broadcom.com/products
		Driver Download	http://www.broadcom.com/support/?gid=9
		Driver Update	http://www.aida64.com/driver-updates

[ Microsoft Wi-Fi Direct Virtual Adapter ]

	Network Adapter Properties:
		Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	06-E6-76-43-62-CE
		Connection Name	Local Area Connection* 2
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

Internet


Internet Settings:
	Start Page	about:Tabs
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	%11%\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	0.0.0.0	0.0.0.0	192.168.1.1	25	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active	127.0.0.0	255.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.0.0.1	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	192.168.1.0	255.255.255.0	192.168.1.112	281	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active	192.168.1.112	255.255.255.255	192.168.1.112	281	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active	192.168.1.255	255.255.255.255	192.168.1.112	281	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active	224.0.0.0	240.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	224.0.0.0	240.0.0.0	192.168.1.112	281	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)
Active	255.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	192.168.1.112	281	192.168.1.112 (Broadcom 802.11abgn Wireless SDIO Adapter)

IE Cookie


		Last Access	URL
		2015-08-27 16:43:34	galff@g.live.com/
		2015-08-27 16:43:55	galff@login.live.com/
		2015-08-27 16:43:59	galff@live.com/

Browser History


		Last Access	URL
		2015-08-20 20:18:32	galff@https://green.erne.co/tags?id1=cm_tc_195430B255D60BE971F81E9C6F9E1E02&id2=cm_uid_298049953804454889&ncm=1&cid=c400d45a
		2015-08-20 20:18:32	galff@https://pix.tagcdn.com/cm/c400d45a
		2015-08-20 20:54:04	galff@https://p4-ctdzib5cod32c-lcohvigbcihq2nhb-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
		2015-08-20 20:54:04	galff@https://p4-ctdzib5cod32c-lcohvigbcihq2nhb-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
		2015-08-21 00:49:49	galff@https://huomdgde.hit.gemius.pl/gdejs/xgde.html
		2015-08-22 11:40:00	galff@https://vine.co/v/eDpBrmgQXxw
		2015-08-22 16:50:49	galff@https://green.erne.co/tags?id1=cm_tc_195430B255D87E3A71FA1E9893367C02&id2=cm_uid_298326098726911546&ncm=1&cid=d9b700c1
		2015-08-22 16:50:49	galff@https://pix.tagcdn.com/cm/d9b700c1
		2015-08-22 20:09:23	galff@https://apps.skype.com/chatadwidget/?containerType=NR
		2015-08-22 20:09:26	galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=37778bd6-65e6-49ad-93ca-484ac0865c4e
		2015-08-22 21:11:56	galff@https://tap-secure.rubiconproject.com/partner/scripts/rubicon/emily.html?pc=11742/55632&geo=eu&co=hu
		2015-08-22 21:11:56	galff@https://tap-secure.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=11742/55632&geo=eu&co=hu
		2015-08-22 23:03:13	galff@https://apps.skype.com/incalladwidget/
		2015-08-22 23:03:15	galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=7ccf551d-173c-4727-9de8-5e70e2001889
		2015-08-22 23:03:15	galff@https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
		2015-08-22 23:03:15	galff@https://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html?n=2
		2015-08-22 23:03:15	galff@https://www.google.com/pagead/drt/ui
		2015-08-23 01:12:25	galff@https://pix.tagcdn.com/cm/b31b41f5
		2015-08-23 01:12:26	galff@https://green.erne.co/tags?id1=cm_tc_195430B255D8F3CA71F81E9995403202&id2=cm_uid_298034451120190410&ncm=1&cid=b31b41f5
		2015-08-23 18:45:55	galff@http://support.amd.com/en-us/download/ccc
		2015-08-23 18:45:55	galff@http://support.amd.com/en-us/download/ccc?lang=us
		2015-08-23 18:45:55	galff@http://support.amd.com/us/ccc/Pages/index.aspx
		2015-08-24 11:31:31	galff@https://apps.skype.com/adcontrol/prelogic.html
		2015-08-24 11:31:36	galff@https://apps.skype.com/home/?uiversion=7.8.0.102&language=hu
		2015-08-24 11:31:41	galff@https://apps.skype.com/home/index.html
		2015-08-24 11:31:41	galff@https://m.hotmail.com/
		2015-08-24 11:31:41	galff@https://s-static.ak.facebook.com/connect/xd_arbiter/PqAPbTuc2cR.js?version=41
		2015-08-24 11:31:43	galff@http://pbid.fxdepo.com/engine?site=139812;size=300x250;linktarget=_blank;rnd=(randomNumber)
		2015-08-24 11:31:44	galff@https://ls.hit.gemius.pl/lsset.html
		2015-08-24 11:32:03	galff@https://apps.skype.com/shared/adexpert/frame-hider.html
		2015-08-24 11:32:03	galff@https://static.skypeassets.com/adserver/AdLoader.html?version=1.66.17
		2015-08-24 11:32:05	galff@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=cd2e0a1f-d251-46d3-8cc6-5aa22bd23662
		2015-08-24 11:32:05	galff@https://ls.hit.gemius.pl/lsget.html
		2015-08-27 16:43:57	galff@https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srf
		2015-08-27 16:43:58	galff@https://login.live.com/oauth20_desktop.srf?lc=2057
		2015-08-27 16:44:00	galff@https://login.live.com/oauth20_desktop.srf?lc=1033
		2015-08-27 16:53:07	galff@ms-settings:powersleep
		2015-08-27 17:10:57	galff@file:///C:/Users/galff/OneDrive/t100.txt
		2015-08-27 17:11:42	galff@file:///C:/Users/galff/Downloads
		2015-08-27 17:19:15	galff@file:///C:/Users/galff/AppData/Local/Temp/rpt-1.htm

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	6.02.10240.16384	Final Retail	English	82944	10/07/2015 14:00:28
bdaplgin.ax	6.02.10240.16384	Final Retail	English	78336	10/07/2015 14:01:12
d2d1.dll	6.02.10240.16384	Final Retail	English	4737024	10/07/2015 14:00:30
d3d10.dll	6.02.10240.16384	Final Retail	English	1060352	10/07/2015 14:00:36
d3d10_1.dll	6.02.10240.16384	Final Retail	English	157696	10/07/2015 14:00:36
d3d10_1core.dll	6.02.10240.16384	Final Retail	English	356352	10/07/2015 14:00:36
d3d10core.dll	6.02.10240.16384	Final Retail	English	320000	10/07/2015 14:00:36
d3d10level9.dll	6.02.10240.16384	Final Retail	English	501992	10/07/2015 14:00:30
d3d10warp.dll	6.02.10240.16384	Final Retail	English	2187960	10/07/2015 14:00:36
d3d11.dll	6.02.10240.16384	Final Retail	English	2158960	10/07/2015 14:00:30
d3d12.dll	6.02.10240.16384	Final Retail	English	632832	10/07/2015 14:00:30
d3d8.dll	6.02.10240.16384	Final Retail	English	1074176	10/07/2015 14:00:34
d3d8thk.dll	6.02.10240.16384	Final Retail	English	12800	10/07/2015 14:00:34
d3d9.dll	6.02.10240.16412	Final Retail	English	1867160	30/07/2015 07:26:17
d3dim.dll	6.02.10240.16384	Final Retail	English	402432	10/07/2015 14:00:34
d3dim700.dll	6.02.10240.16384	Final Retail	English	889856	10/07/2015 14:00:34
d3dramp.dll	6.02.10240.16384	Final Retail	English	595456	10/07/2015 14:00:34
d3dxof.dll	6.02.10240.16384	Final Retail	English	58880	10/07/2015 14:00:34
ddraw.dll	6.02.10240.16384	Final Retail	English	536064	10/07/2015 14:00:34
ddrawex.dll	6.02.10240.16384	Final Retail	English	39936	10/07/2015 14:00:34
devenum.dll	6.02.10240.16384	Final Retail	English	82104	10/07/2015 14:00:28
dinput.dll	6.02.10240.16384	Final Retail	English	136192	10/07/2015 14:00:31
dinput8.dll	6.02.10240.16384	Final Retail	English	172032	10/07/2015 14:00:31
dmband.dll	6.02.10240.16384	Final Retail	English	35328	10/07/2015 14:00:23
dmcompos.dll	6.02.10240.16384	Final Retail	English	75776	10/07/2015 14:00:23
dmime.dll	6.02.10240.16384	Final Retail	English	206848	10/07/2015 14:00:23
dmloader.dll	6.02.10240.16384	Final Retail	English	43008	10/07/2015 14:00:23
dmscript.dll	6.02.10240.16384	Final Retail	English	96256	10/07/2015 14:00:23
dmstyle.dll	6.02.10240.16384	Final Retail	English	121856	10/07/2015 14:00:23
dmsynth.dll	6.02.10240.16384	Final Retail	English	114688	10/07/2015 14:00:23
dmusic.dll	6.02.10240.16384	Final Retail	English	113664	10/07/2015 14:00:23
dplaysvr.exe	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dplayx.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpmodemx.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnaddr.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnathlp.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:32
dpnet.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnhpast.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnhupnp.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnlobby.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpnsvr.exe	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dpwsockx.dll	10.00.10240.16384	Final Retail	English	8192	10/07/2015 14:00:31
dsdmo.dll	6.02.10240.16384	Final Retail	English	186880	10/07/2015 14:00:28
dsound.dll	6.02.10240.16384	Final Retail	English	527360	10/07/2015 14:00:28
dswave.dll	6.02.10240.16384	Final Retail	English	24064	10/07/2015 14:00:23
dwrite.dll	6.02.10240.16430	Final Retail	English	1985024	08/08/2015 09:00:46
dxdiagn.dll	6.02.10240.16384	Final Retail	English	272896	10/07/2015 14:00:34
dxgi.dll	6.02.10240.16412	Final Retail	English	507696	30/07/2015 07:22:32
dxmasf.dll	12.00.10240.16384	Final Retail	English	4608	10/07/2015 14:01:37
dxtmsft.dll	11.00.10240.16384	Final Retail	English	400896	10/07/2015 14:01:20
dxtrans.dll	11.00.10240.16384	Final Retail	English	252928	10/07/2015 14:01:20
dxva2.dll	6.02.10240.16384	Final Retail	English	113112	10/07/2015 14:00:30
encapi.dll	6.02.10240.16384	Final Retail	English	22016	10/07/2015 14:00:28
gcdef.dll	6.02.10240.16384	Final Retail	English	123904	10/07/2015 14:00:31
iac25_32.ax	2.00.0005.0053	Final Retail	English	197632	10/07/2015 14:00:23
ir41_32.ax	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ir41_qc.dll	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ir41_qcx.dll	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ir50_32.dll	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ir50_qc.dll	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ir50_qcx.dll	6.02.10240.16384	Final Retail	English	9216	10/07/2015 14:00:23
ivfsrc.ax	5.10.0002.0051	Final Retail	English	146944	10/07/2015 14:00:23
joy.cpl	6.02.10240.16384	Final Retail	English	137216	10/07/2015 14:00:31
ksproxy.ax	6.02.10240.16384	Final Retail	English	235008	10/07/2015 14:00:28
kstvtune.ax	6.02.10240.16384	Final Retail	English	93696	10/07/2015 14:01:12
ksuser.dll	6.02.10240.16384	Final Retail	English	19136	10/07/2015 14:00:28
kswdmcap.ax	6.02.10240.16384	Final Retail	English	118784	10/07/2015 14:00:28
ksxbar.ax	6.02.10240.16384	Final Retail	English	57856	10/07/2015 14:01:12
mciqtz32.dll	6.02.10240.16384	Final Retail	English	39936	10/07/2015 14:00:28
mfc40.dll	4.01.0000.6140	Final Retail	English	924944	10/07/2015 14:00:27
mfc42.dll	6.06.8063.0000	Beta Retail	English	1206784	10/07/2015 14:00:27
mpeg2data.ax	6.02.10240.16384	Final Retail	English	82944	10/07/2015 14:01:12
mpg2splt.ax	6.02.10240.16384	Final Retail	English	221696	10/07/2015 14:00:31
msdmo.dll	6.02.10240.16384	Final Retail	English	28424	10/07/2015 14:00:28
msdvbnp.ax	6.02.10240.16384	Final Retail	English	72192	10/07/2015 14:01:12
msvidctl.dll	6.05.10240.16384	Final Retail	English	2362368	10/07/2015 14:01:12
msyuv.dll	6.02.10240.16384	Final Retail	English	23552	10/07/2015 14:00:28
pid.dll	6.02.10240.16384	Final Retail	English	37888	10/07/2015 14:00:31
psisdecd.dll	6.02.10240.16384	Final Retail	English	499200	10/07/2015 14:01:12
psisrndr.ax	6.02.10240.16384	Final Retail	English	87552	10/07/2015 14:01:12
qasf.dll	12.00.10240.16384	Final Retail	English	236544	10/07/2015 14:00:31
qcap.dll	6.02.10240.16384	Final Retail	English	218624	10/07/2015 14:00:28
qdv.dll	6.02.10240.16384	Final Retail	English	296960	10/07/2015 14:00:28
qdvd.dll	6.02.10240.16384	Final Retail	English	563200	10/07/2015 14:00:28
qedit.dll	6.02.10240.16384	Final Retail	English	573440	10/07/2015 14:01:12
qedwipes.dll	6.02.10240.16384	Final Retail	English	734208	10/07/2015 14:01:12
quartz.dll	6.02.10240.16384	Final Retail	English	1541632	10/07/2015 14:00:28
vbisurf.ax	6.02.10240.16384	Final Retail	English	40960	10/07/2015 14:01:12
vfwwdm32.dll	6.02.10240.16384	Final Retail	English	58880	10/07/2015 14:00:28
wsock32.dll	6.02.10240.16384	Final Retail	English	16384	10/07/2015 14:00:32

DirectX Video


[ Primary Display Driver ]

	DirectDraw Device Properties:
		DirectDraw Driver Name	display
		DirectDraw Driver Description	Primary Display Driver
		Hardware Driver	igdumdim32.dll (10.18.15.4256)
		Hardware Description	Intel(R) HD Graphics

	Direct3D Device Properties:
		Rendering Bit Depths	8, 16, 32
		Z-Buffer Bit Depths	16, 24, 32
		Multisample Anti-Aliasing Modes	MSAA 2x, MSAA 4x, MSAA 8x
		Min Texture Size	1 x 1
		Max Texture Size	8192 x 8192
		Unified Shader Version	5.1
		DirectX Hardware Support	DirectX v11.1

	Direct3D Device Features:
		Additive Texture Blending	Supported
		AGP Texturing	Not Supported
		Anisotropic Filtering	Supported
		Automatic Mipmap Generation	Supported
		Bilinear Filtering	Supported
		Compute Shader	Supported
		Cubic Environment Mapping	Supported
		Cubic Filtering	Not Supported
		Decal-Alpha Texture Blending	Supported
		Decal Texture Blending	Supported
		Directional Lights	Supported
		DirectX Texture Compression	Not Supported
		DirectX Volumetric Texture Compression	Not Supported
		Dithering	Supported
		Dot3 Texture Blending	Supported
		Double-Precision Floating-Point	Supported
		Driver Concurrent Creates	Supported
		Driver Command Lists	Not Supported
		Dynamic Textures	Supported
		Edge Anti-Aliasing	Not Supported
		Environmental Bump Mapping	Supported
		Environmental Bump Mapping + Luminance	Supported
		Factor Alpha Blending	Supported
		Geometric Hidden-Surface Removal	Not Supported
		Geometry Shader	Supported
		Guard Band	Supported
		Hardware Scene Rasterization	Supported
		Hardware Transform & Lighting	Supported
		Legacy Depth Bias	Supported
		Map On Default Buffers	Supported
		Mipmap LOD Bias Adjustments	Supported
		Mipmapped Cube Textures	Supported
		Mipmapped Volume Textures	Supported
		Modulate-Alpha Texture Blending	Supported
		Modulate Texture Blending	Supported
		Non-Square Textures	Supported
		N-Patches	Not Supported
		Perspective Texture Correction	Supported
		Point Lights	Supported
		Point Sampling	Supported
		Projective Textures	Supported
		Quintic Bezier Curves & B-Splines	Not Supported
		Range-Based Fog	Supported
		Rectangular & Triangular Patches	Not Supported
		Rendering In Windowed Mode	Supported
		Runtime Shader Linking	Supported
		Scissor Test	Supported
		Slope-Scale Based Depth Bias	Supported
		Specular Flat Shading	Supported
		Specular Gouraud Shading	Supported
		Specular Phong Shading	Not Supported
		Spherical Mapping	Supported
		Spot Lights	Supported
		Stencil Buffers	Supported
		Sub-Pixel Accuracy	Supported
		Subtractive Texture Blending	Supported
		Table Fog	Supported
		Texture Alpha Blending	Supported
		Texture Clamping	Supported
		Texture Mirroring	Supported
		Texture Transparency	Supported
		Texture Wrapping	Supported
		Tiled Resources	Not Supported
		Triangle Culling	Not Supported
		Trilinear Filtering	Supported
		Two-Sided Stencil Test	Supported
		Vertex Alpha Blending	Supported
		Vertex Fog	Supported
		Vertex Tweening	Supported
		Volume Textures	Supported
		W-Based Fog	Supported
		W-Buffering	Not Supported
		Z-Based Fog	Supported
		Z-Bias	Supported
		Z-Test	Supported

	Supported FourCC Codes:
		AI44	Supported
		AYUV	Supported
		I420	Supported
		IA44	Supported
		IMC1	Supported
		IMC2	Supported
		IMC3	Supported
		IMC4	Supported
		IYUV	Supported
		NV11	Supported
		NV12	Supported
		P010	Supported
		P016	Supported
		P208	Supported
		UYVY	Supported
		VYUY	Supported
		YUY2	Supported
		YV12	Supported
		YVU9	Supported
		YVYU	Supported

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

DirectX Sound


[ Primary Sound Driver ]

	DirectSound Device Properties:
		Device Description	Primary Sound Driver
		Driver Module
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Speakers (Intel SST Audio Device (WDM)) ]

	DirectSound Device Properties:
		Device Description	Speakers (Intel SST Audio Device (WDM))
		Driver Module	{0.0.0.00000000}.{f27245b5-275c-4919-9d37-093b4165f65b}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

Windows Devices


[ Devices ]

	Audio inputs and outputs:
		Microphone (Intel SST Audio Device (WDM))	10.0.10240.16384
		Speakers (Intel SST Audio Device (WDM))	10.0.10240.16384

	Batteries:
		Microsoft AC Adapter	10.0.10240.16384
		Microsoft ACPI-Compliant Control Method Battery	10.0.10240.16384

	Bluetooth:
		Bluetooth Radio	10.0.10240.16391
		Microsoft Bluetooth Enumerator	10.0.10240.16391
		Microsoft Bluetooth LE Enumerator	10.0.10240.16384

	Computer:
		ACPI x64-based PC	10.0.10240.16384
		Intel(R) Serial IO DMA Controller	10.0.10240.16384
		Intel(R) Serial IO DMA Controller	10.0.10240.16384

	Disk drives:
		Samsung CGND3R	10.0.10240.16384

	Display adapters:
		Intel(R) HD Graphics	10.18.15.4256

	Firmware:
		System Firmware	10.0.10240.16384

	Human Interface Devices:
		Converted Portable Device Control device	10.0.10240.16384
		GPIO Laptop or Slate Indicator Driver	10.0.10240.16425
		HID Button over Interrupt Driver	10.0.10240.16384
		HID PCI Minidriver for ISS	2.0.0.3012
		HID PCI Minidriver for ISS	2.0.0.3012
		HID PCI Minidriver for ISS	2.0.0.3012
		HID PCI Minidriver for ISS	2.0.0.3012
		HID PCI Minidriver for ISS	2.0.0.3012
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant consumer control device	10.0.10240.16384
		HID-compliant device	10.0.10240.16384
		HID-compliant system controller	10.0.10240.16384
		HID-compliant system controller	10.0.10240.16384
		HID-compliant system controller	10.0.10240.16384
		HID-compliant system controller	10.0.10240.16384
		HID-compliant system controller	10.0.10240.16384
		HID-compliant touch screen	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant wireless radio controls	10.0.10240.16384
		I2C HID Device	10.0.10240.16384
		Intel(R) HID Event Filter	604.10146.2708.64268
		Portable Device Control device	10.0.10240.16384
		USB Input Device	10.0.10240.16384
		USB Input Device	10.0.10240.16384
		USB Input Device	10.0.10240.16384
		USB Input Device	10.0.10240.16384

	Imaging devices:
		Intel(R) AVStream Camera	21.10154.5886.364

	Keyboards:
		HID Keyboard Device	10.0.10240.16384
		HID Keyboard Device	10.0.10240.16384
		HID Keyboard Device	10.0.10240.16384

	Mice and other pointing devices:
		ASUS Touchpad	8.1.0.16
		HID-compliant mouse	10.0.10240.16384

	Monitors:
		Generic PnP Monitor	10.0.10240.16384

	Network adapters:
		Bluetooth Device (Personal Area Network)	10.0.10240.16384
		Bluetooth Device (RFCOMM Protocol TDI)	10.0.10240.16384
		Broadcom 802.11abgn Wireless SDIO Adapter	5.93.103.20
		Microsoft ISATAP Adapter	10.0.10240.16384
		Microsoft Kernel Debug Network Adapter	10.0.10240.16384
		Microsoft Teredo Tunneling Adapter	10.0.10240.16384
		Microsoft Wi-Fi Direct Virtual Adapter	10.0.10240.16384

	Ports (COM & LPT):
		Communications Port (COM1)	10.0.10240.16384

	Print queues:
		Fax	10.0.10240.16384
		Microsoft Print to PDF	10.0.10240.16384
		Microsoft XPS Document Writer	10.0.10240.16384
		Root Print Queue	10.0.10240.16384

	Processors:
		Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz	10.0.10240.16384
		Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz	10.0.10240.16384
		Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz	10.0.10240.16384
		Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz	10.0.10240.16384

	SD host adapters:
		Intel SD Host Controller	10.0.10240.16384
		Intel SD Host Controller	10.0.10240.16384
		Intel SD Host Controller	10.0.10240.16384

	Security devices:
		Trusted Platform Module 2.0	10.0.10240.16384

	Sensors:
		HID Advanced Sensor Collection V2	2.0.0.3012
		HID Advanced Sensor Collection	2.0.0.3012
		HID Sensor Collection V2	10.0.10240.16412
		HID Sensor Collection V2	10.0.10240.16412
		HID Sensor Collection V2	10.0.10240.16412

	Software devices:
		Bluetooth	10.0.10240.16384
		Lightweight Sensors Root Enumerator	10.0.10240.16384
		Microsoft Device Association Root Enumerator	10.0.10240.16384
		Microsoft GS Wavetable Synth	10.0.10240.16384
		Microsoft IPv4 IPv6 Transition Adapter Bus	10.0.10240.16384
		Microsoft Passport Container Enumeration Bus	10.0.10240.16384
		Microsoft Radio Device Enumeration Bus	10.0.10240.16384
		Smart Card Device Enumeration Bus	10.0.10240.16384
		Wi-Fi	10.0.10240.16384

	Sound, video and game controllers:
		Intel SST Audio Device (WDM)	604.10135.6766.2749
		Realtek I2S Audio Codec	6.4.10147.4290

	Storage controllers:
		Microsoft Storage Spaces Controller	10.0.10240.16384
		SD Storage Class Controller	10.0.10240.16384

	Storage volumes:
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384

	System devices:
		ACPI Fixed Feature Button	10.0.10240.16384
		ACPI Lid	10.0.10240.16384
		ACPI Power Button	10.0.10240.16384
		ACPI Processor Aggregator	10.0.10240.16384
		ACPI Sleep Button	10.0.10240.16384
		ACPI Thermal Zone	10.0.10240.16384
		bcmfn2 Device	5.93.103.20
		bcmfn2 Device	5.93.103.20
		Broadcom Serial Bus Driver over UART Bus Enumerator	12.0.1.695
		Camera Sensor ov5670	21.10130.350.8554
		Camera Sensor Unicam hm2051	1.0.10.1
		Composite Bus Enumerator	10.0.10240.16384
		High precision event timer	10.0.10240.16384
		Intel Serial IO GPIO Controller	604.10146.2652.361
		Intel Serial IO GPIO Controller	604.10146.2652.361
		Intel Serial IO GPIO Controller	604.10146.2652.361
		Intel Serial IO GPIO Controller	604.10146.2652.361
		Intel Serial IO GPIO Controller	604.10146.2652.361
		Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver	604.10146.2651.1559
		Intel(R) Dynamic Platform & Thermal Framework Driver	604.10146.2651.1559
		Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver	604.10146.2651.1559
		Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver	604.10146.2651.1559
		Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver	604.10146.2651.1559
		Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver	604.10146.2651.1559
		Intel(R) Imaging Signal Processor 2401	21.10154.5886.364
		Intel(R) Integrated Sensor Solution	2.0.0.3012
		Intel(R) Power Engine Plug-in	10.0.10240.16384
		Intel(R) Power Management IC Device	604.10146.2656.541
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO I2C ES Controller	604.10146.2654.2819
		Intel(R) Serial IO SPI Controller	604.10146.2657.947
		Intel(R) Serial IO SPI Controller	604.10146.2657.947
		Intel(R) Serial IO SPI Controller	604.10146.2657.947
		Intel(R) Serial IO UART Controller	604.10146.2653.391
		Intel(R) Serial IO UART Controller	604.10146.2653.391
		Intel(R) Sideband Fabric Device	604.10146.2655.573
		Intel(R) Trusted Execution Engine Interface	2.0.0.1067
		ISS Dynamic Bus Enumerator	2.0.0.3012
		Legacy device	10.0.10240.16384
		Microsoft ACPI-Compliant System	10.0.10240.16397
		Microsoft Basic Display Driver	10.0.10240.16384
		Microsoft Basic Render Driver	10.0.10240.16384
		Microsoft System Management BIOS Driver	10.0.10240.16384
		Microsoft UEFI-Compliant System	10.0.10240.16384
		Microsoft Virtual Drive Enumerator	10.0.10240.16384
		Microsoft Windows Management Interface for ACPI	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		NDIS Virtual Network Adapter Enumerator	10.0.10240.16384
		PCI Express Root Complex	10.0.10240.16390
		PCI standard host CPU bridge	10.0.10240.16384
		PCI standard ISA bridge	10.0.10240.16384
		Plug and Play Software Device Enumerator	10.0.10240.16384
		Programmable interrupt controller	10.0.10240.16384
		Remote Desktop Device Redirector Bus	10.0.10240.16384
		System CMOS/real time clock	10.0.10240.16384
		System timer	10.0.10240.16384
		UMBus Root Bus Enumerator	10.0.10240.16384
		Volume Manager	10.0.10240.16384

	Universal Serial Bus controllers:
		Generic USB Hub	10.0.10240.16425
		Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)	10.0.10240.16384
		USB Composite Device	10.0.10240.16384
		USB Root Hub (xHCI)	10.0.10240.16425

	Unknown:
		Unknown

[ Audio inputs and outputs / Microphone (Intel SST Audio Device (WDM)) ]

	Device Properties:
		Driver Description	Microphone (Intel SST Audio Device (WDM))
		Driver Date	09/07/2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Audio inputs and outputs / Speakers (Intel SST Audio Device (WDM)) ]

	Device Properties:
		Driver Description	Speakers (Intel SST Audio Device (WDM))
		Driver Date	09/07/2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Batteries / Microsoft AC Adapter ]

	Device Properties:
		Driver Description	Microsoft AC Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_ACPI&DEV_0003

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Batteries / Microsoft ACPI-Compliant Control Method Battery ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Control Method Battery
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0A

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bluetooth / Bluetooth Radio ]

	Device Properties:
		Driver Description	Bluetooth Radio
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16391
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BCMBTBUS\BLUETOOTH
		Location Information	Serial HCI Bus - Bluetooth Function

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bluetooth / Microsoft Bluetooth Enumerator ]

	Device Properties:
		Driver Description	Microsoft Bluetooth Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16391
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTH\MS_BTHBRB

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bluetooth / Microsoft Bluetooth LE Enumerator ]

	Device Properties:
		Driver Description	Microsoft Bluetooth LE Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	bthleenum.inf
		Hardware ID	BTH\MS_BTHLE

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Computer / ACPI x64-based PC ]

	Device Properties:
		Driver Description	ACPI x64-based PC
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hal.inf
		Hardware ID	acpiapic

[ Computer / Intel(R) Serial IO DMA Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO DMA Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	halextintclpiodma.inf
		Hardware ID	ACPI\VEN_INTL&DEV_9C60

[ Computer / Intel(R) Serial IO DMA Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO DMA Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	halextintclpiodma.inf
		Hardware ID	ACPI\VEN_INTL&DEV_9C60

[ Disk drives / Samsung CGND3R ]

	Device Properties:
		Driver Description	Samsung CGND3R
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf
		Hardware ID	SD\GenDisk
		Location Information	Bus Number 1, Target Id 2, LUN 0

	Device Manufacturer:
		Company Name	Samsung
		Product Information	http://www.samsung.com/us/computer/solid-state-drives
		Driver Update	http://www.aida64.com/driver-updates

[ Display adapters / Intel(R) HD Graphics ]

	Device Properties:
		Driver Description	Intel(R) HD Graphics
		Driver Date	17/07/2015
		Driver Version	10.18.15.4256
		Driver Provider	Intel Corporation
		INF File	oem30.inf
		Hardware ID	PCI\VEN_8086&DEV_22B0&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 2, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)

	Device Resources:
		IRQ	65536
		Memory	80000000-8FFFFFFF
		Memory	90000000-90FFFFFF
		Port	F000-F03F

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Firmware / System Firmware ]

	Device Properties:
		Driver Description	System Firmware
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_firmware.inf
		Hardware ID	UEFI\RES_{7039436b-6acf-433b-86a1-368ec2ef7e1f}&REV_204

[ Human Interface Devices / Converted Portable Device Control device ]

	Device Properties:
		Driver Description	Converted Portable Device Control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	buttonconverter.inf
		Hardware ID	ButtonConverter\ConvertedDevice

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / GPIO Laptop or Slate Indicator Driver ]

	Device Properties:
		Driver Description	GPIO Laptop or Slate Indicator Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16425
		Driver Provider	Microsoft
		INF File	msgpiowin32.inf
		Hardware ID	ACPI\VEN_INT&DEV_33D3

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID Button over Interrupt Driver ]

	Device Properties:
		Driver Description	HID Button over Interrupt Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidinterrupt.inf
		Hardware ID	ACPI\VEN_ACPI&DEV_0011

	Device Resources:
		IRQ	1031
		IRQ	1032
		IRQ	1033
		IRQ	1034
		IRQ	1035

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID PCI Minidriver for ISS ]

	Device Properties:
		Driver Description	HID PCI Minidriver for ISS
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Vendor Name
		INF File	oem3.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
		Location Information	ISH Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID PCI Minidriver for ISS ]

	Device Properties:
		Driver Description	HID PCI Minidriver for ISS
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Vendor Name
		INF File	oem3.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
		Location Information	ISH Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID PCI Minidriver for ISS ]

	Device Properties:
		Driver Description	HID PCI Minidriver for ISS
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Vendor Name
		INF File	oem3.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0001
		Location Information	ISH Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID PCI Minidriver for ISS ]

	Device Properties:
		Driver Description	HID PCI Minidriver for ISS
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Vendor Name
		INF File	oem3.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_0002
		Location Information	ISH Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID PCI Minidriver for ISS ]

	Device Properties:
		Driver Description	HID PCI Minidriver for ISS
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Vendor Name
		INF File	oem3.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788436}\Vid_8086&Pid_8002
		Location Information	ISH Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_01&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col06

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col07

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col08

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col09

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col0A

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col0B

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col0C

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col0D

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\INTC816&Col0E

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidserv.inf
		Hardware ID	HID\ConvertedDevice&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant device ]

	Device Properties:
		Driver Description	HID-compliant device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_01&Col03

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_01&Col04

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col03

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col04

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col05

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant system controller ]

	Device Properties:
		Driver Description	HID-compliant system controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\ConvertedDevice&Col03

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant touch screen ]

	Device Properties:
		Driver Description	HID-compliant touch screen
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VEN_SIS&DEV_0457&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_01&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_02&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col0F

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col10

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col11

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VEN_SIS&DEV_0457&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant wireless radio controls ]

	Device Properties:
		Driver Description	HID-compliant wireless radio controls
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\INTC816&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / I2C HID Device ]

	Device Properties:
		Driver Description	I2C HID Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hidi2c.inf
		Hardware ID	ACPI\VEN_SIS&DEV_0457

	Device Resources:
		IRQ	1039

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / Intel(R) HID Event Filter ]

	Device Properties:
		Driver Description	Intel(R) HID Event Filter
		Driver Date	25/04/2015
		Driver Version	604.10146.2708.64268
		Driver Provider	Intel(R)
		INF File	oem6.inf
		Hardware ID	ACPI\VEN_INT&DEV_33D5

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / Portable Device Control device ]

	Device Properties:
		Driver Description	Portable Device Control device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	buttonconverter.inf
		Hardware ID	HID\VEN_ACPI&DEV_0011

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	USB\VID_0B05&PID_1807&REV_0011&MI_00
		Location Information	0000.0014.0000.003.003.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	USB\VID_0B05&PID_1807&REV_0011&MI_01
		Location Information	0000.0014.0000.003.003.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	USB\VID_0B05&PID_1807&REV_0011&MI_02
		Location Information	0000.0014.0000.003.003.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	USB\VID_0458&PID_003A&REV_0100
		Location Information	Port_#0001.Hub_#0002

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Imaging devices / Intel(R) AVStream Camera ]

	Device Properties:
		Driver Description	Intel(R) AVStream Camera
		Driver Date	02/07/2015
		Driver Version	21.10154.5886.364
		Driver Provider	Intel
		INF File	oem25.inf
		Hardware ID	VIDEO\VEN_8086&DEV_22B0&SUBSYS_1BDD1043&REV_20&INT22B8

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	keyboard.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_00

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	keyboard.inf
		Hardware ID	HID\INTC816&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	keyboard.inf
		Hardware ID	HID\ConvertedDevice&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Mice and other pointing devices / ASUS Touchpad ]

	Device Properties:
		Driver Description	ASUS Touchpad
		Driver Date	18/06/2015
		Driver Version	8.1.0.16
		Driver Provider	ASUS
		INF File	oem29.inf
		Hardware ID	HID\VID_0B05&PID_1807&REV_0011&MI_02&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Mice and other pointing devices / HID-compliant mouse ]

	Device Properties:
		Driver Description	HID-compliant mouse
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	msmouse.inf
		Hardware ID	HID\VID_0458&PID_003A&REV_0100

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Monitors / Generic PnP Monitor ]

	Device Properties:
		Driver Description	Generic PnP Monitor
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	monitor.inf
		Hardware ID	MONITOR\AUO20D4

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Bluetooth Device (Personal Area Network) ]

	Device Properties:
		Driver Description	Bluetooth Device (Personal Area Network)
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	bthpan.inf
		Hardware ID	BTH\MS_BTHPAN

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Bluetooth Device (RFCOMM Protocol TDI) ]

	Device Properties:
		Driver Description	Bluetooth Device (RFCOMM Protocol TDI)
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	tdibth.inf
		Hardware ID	BTH\MS_RFCOMM

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Broadcom 802.11abgn Wireless SDIO Adapter ]

	Device Properties:
		Driver Description	Broadcom 802.11abgn Wireless SDIO Adapter
		Driver Date	16/07/2015
		Driver Version	5.93.103.20
		Driver Provider	Broadcom
		INF File	oem26.inf
		Hardware ID	SD\VID_02d0&PID_a94d&FN_1

	Device Resources:
		IRQ	1040

	Network Adapter Manufacturer:
		Company Name	Broadcom Corporation
		Product Information	http://www.broadcom.com/products
		Driver Download	http://www.broadcom.com/support/?gid=9
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft ISATAP Adapter ]

	Device Properties:
		Driver Description	Microsoft ISATAP Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	nettun.inf
		Hardware ID	*ISATAP

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft Kernel Debug Network Adapter ]

	Device Properties:
		Driver Description	Microsoft Kernel Debug Network Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	kdnic.inf
		Hardware ID	root\kdnic

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft Teredo Tunneling Adapter ]

	Device Properties:
		Driver Description	Microsoft Teredo Tunneling Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	nettun.inf
		Hardware ID	*TEREDO

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft Wi-Fi Direct Virtual Adapter ]

	Device Properties:
		Driver Description	Microsoft Wi-Fi Direct Virtual Adapter
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	netvwifimp.inf
		Hardware ID	{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp_wfd
		Location Information	VWiFi Bus 0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Ports (COM & LPT) / Communications Port (COM1) ]

	Device Properties:
		Driver Description	Communications Port (COM1)
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	msports.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0501

	Device Resources:
		IRQ	04
		Port	03F8-03FF

[ Print queues / Fax ]

	Device Properties:
		Driver Description	Fax
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\microsoftmicrosoft_s7d14

[ Print queues / Microsoft Print to PDF ]

	Device Properties:
		Driver Description	Microsoft Print to PDF
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}

[ Print queues / Microsoft XPS Document Writer ]

	Device Properties:
		Driver Description	Microsoft XPS Document Writer
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{0f4130dd-19c7-7ab6-99a1-980f03b2ee4e}

[ Print queues / Root Print Queue ]

	Device Properties:
		Driver Description	Root Print Queue
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\LocalPrintQueue

[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	Device Properties:
		Driver Description	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_76

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	Device Properties:
		Driver Description	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_76

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	Device Properties:
		Driver Description	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_76

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz ]

	Device Properties:
		Driver Description	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_76

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Atom%20x5-Z8500
		Driver Update	http://www.aida64.com/driver-updates

[ SD host adapters / Intel SD Host Controller ]

	Device Properties:
		Driver Description	Intel SD Host Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	sdbus.inf
		Hardware ID	ACPI\VEN_8086&DEV_0F14&REV_0001

	Device Resources:
		IRQ	45
		Memory	91838000-91838FFF

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ SD host adapters / Intel SD Host Controller ]

	Device Properties:
		Driver Description	Intel SD Host Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	sdbus.inf
		Hardware ID	ACPI\VEN_8086&DEV_0F14&REV_0001

	Device Resources:
		IRQ	46
		Memory	91836000-91836FFF

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ SD host adapters / Intel SD Host Controller ]

	Device Properties:
		Driver Description	Intel SD Host Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	sdbus.inf
		Hardware ID	ACPI\VEN_8086&DEV_0F14&REV_0001

	Device Resources:
		IRQ	1038
		IRQ	47
		Memory	91834000-91834FFF

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Security devices / Trusted Platform Module 2.0 ]

	Device Properties:
		Driver Description	Trusted Platform Module 2.0
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	tpm.inf
		Hardware ID	ACPI\VEN_MSFT&DEV_0101

	Device Resources:
		Memory	7FF00000-7FF00FFF

[ Sensors / HID Advanced Sensor Collection V2 ]

	Device Properties:
		Driver Description	HID Advanced Sensor Collection V2
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Intel Corporation
		INF File	oem12.inf
		Hardware ID	HID\Vid_8086&Pid_0002

[ Sensors / HID Advanced Sensor Collection ]

	Device Properties:
		Driver Description	HID Advanced Sensor Collection
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Intel Corporation
		INF File	oem23.inf
		Hardware ID	HID\Vid_8086&Pid_8002

[ Sensors / HID Sensor Collection V2 ]

	Device Properties:
		Driver Description	HID Sensor Collection V2
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16412
		Driver Provider	Microsoft
		INF File	SensorsHidClassDriver.inf
		Hardware ID	HID\Vid_8086&Pid_0001

[ Sensors / HID Sensor Collection V2 ]

	Device Properties:
		Driver Description	HID Sensor Collection V2
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16412
		Driver Provider	Microsoft
		INF File	SensorsHidClassDriver.inf
		Hardware ID	HID\Vid_8086&Pid_0001

[ Sensors / HID Sensor Collection V2 ]

	Device Properties:
		Driver Description	HID Sensor Collection V2
		Driver Date	21/04/2009
		Driver Version	10.0.10240.16412
		Driver Provider	Microsoft
		INF File	SensorsHidClassDriver.inf
		Hardware ID	HID\Vid_8086&Pid_0001

[ Software devices / Bluetooth ]

	Device Properties:
		Driver Description	Bluetooth
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Lightweight Sensors Root Enumerator ]

	Device Properties:
		Driver Description	Lightweight Sensors Root Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft Device Association Root Enumerator ]

	Device Properties:
		Driver Description	Microsoft Device Association Root Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft GS Wavetable Synth ]

	Device Properties:
		Driver Description	Microsoft GS Wavetable Synth
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft IPv4 IPv6 Transition Adapter Bus ]

	Device Properties:
		Driver Description	Microsoft IPv4 IPv6 Transition Adapter Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft Passport Container Enumeration Bus ]

	Device Properties:
		Driver Description	Microsoft Passport Container Enumeration Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft Radio Device Enumeration Bus ]

	Device Properties:
		Driver Description	Microsoft Radio Device Enumeration Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Smart Card Device Enumeration Bus ]

	Device Properties:
		Driver Description	Smart Card Device Enumeration Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Wi-Fi ]

	Device Properties:
		Driver Description	Wi-Fi
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Sound, video and game controllers / Intel SST Audio Device (WDM) ]

	Device Properties:
		Driver Description	Intel SST Audio Device (WDM)
		Driver Date	29/06/2015
		Driver Version	604.10135.6766.2749
		Driver Provider	Intel
		INF File	oem18.inf
		Hardware ID	ACPI\VEN_8086&DEV_22A8&SUBSYS_10431BDD

	Device Resources:
		IRQ	1025
		IRQ	24
		IRQ	25
		IRQ	26
		IRQ	27
		IRQ	28
		IRQ	29
		Memory	20000000-201FFFFF
		Memory	91400000-915FFFFF
		Memory	91832000-91832FFF

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		Driver Update	http://www.aida64.com/driver-updates

[ Sound, video and game controllers / Realtek I2S Audio Codec ]

	Device Properties:
		Driver Description	Realtek I2S Audio Codec
		Driver Date	09/07/2015
		Driver Version	6.4.10147.4290
		Driver Provider	REALTEK
		INF File	oem8.inf
		Hardware ID	ACPI\VEN_10EC&DEV_3270&SUBSYS_104314FF

	Device Resources:
		IRQ	1029

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Storage controllers / Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	spaceport.inf
		Hardware ID	Root\Spaceport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Storage controllers / SD Storage Class Controller ]

	Device Properties:
		Driver Description	SD Storage Class Controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	sdstor.inf
		Hardware ID	SD\VID_15&OID_0000&PID_CGND3R&REV_0.1

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ System devices / ACPI Fixed Feature Button ]

	Device Properties:
		Driver Description	ACPI Fixed Feature Button
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\FixedButton

[ System devices / ACPI Lid ]

	Device Properties:
		Driver Description	ACPI Lid
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0D

[ System devices / ACPI Power Button ]

	Device Properties:
		Driver Description	ACPI Power Button
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0C

[ System devices / ACPI Processor Aggregator ]

	Device Properties:
		Driver Description	ACPI Processor Aggregator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	acpipagr.inf
		Hardware ID	ACPI\VEN_ACPI&DEV_000C

[ System devices / ACPI Sleep Button ]

	Device Properties:
		Driver Description	ACPI Sleep Button
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0E

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\ThermalZone

[ System devices / bcmfn2 Device ]

	Device Properties:
		Driver Description	bcmfn2 Device
		Driver Date	16/07/2015
		Driver Version	5.93.103.20
		Driver Provider	Broadcom
		INF File	oem27.inf
		Hardware ID	SD\VID_02d0&PID_a94d&FN_3

[ System devices / bcmfn2 Device ]

	Device Properties:
		Driver Description	bcmfn2 Device
		Driver Date	16/07/2015
		Driver Version	5.93.103.20
		Driver Provider	Broadcom
		INF File	oem27.inf
		Hardware ID	SD\VID_02d0&PID_a94d&FN_2

[ System devices / Broadcom Serial Bus Driver over UART Bus Enumerator ]

	Device Properties:
		Driver Description	Broadcom Serial Bus Driver over UART Bus Enumerator
		Driver Date	10/07/2015
		Driver Version	12.0.1.695
		Driver Provider	Broadcom
		INF File	oem7.inf
		Hardware ID	ACPI\VEN_BCM&DEV_2E72

	Device Resources:
		IRQ	1028

[ System devices / Camera Sensor ov5670 ]

	Device Properties:
		Driver Description	Camera Sensor ov5670
		Driver Date	02/07/2015
		Driver Version	21.10130.350.8554
		Driver Provider	Intel Corporation
		INF File	oem14.inf
		Hardware ID	ACPI\VEN_OVTI&DEV_5670&SUBSYS_1BDD1043

[ System devices / Camera Sensor Unicam hm2051 ]

	Device Properties:
		Driver Description	Camera Sensor Unicam hm2051
		Driver Date	30/06/2015
		Driver Version	1.0.10.1
		Driver Provider	Intel Corporation
		INF File	oem9.inf
		Hardware ID	ACPI\VEN_HIMX&DEV_2051&SUBSYS_1BDD1043

[ System devices / Composite Bus Enumerator ]

	Device Properties:
		Driver Description	Composite Bus Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	compositebus.inf
		Hardware ID	ROOT\CompositeBus

[ System devices / High precision event timer ]

	Device Properties:
		Driver Description	High precision event timer
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0103

[ System devices / Intel Serial IO GPIO Controller ]

	Device Properties:
		Driver Description	Intel Serial IO GPIO Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2652.361
		Driver Provider	Intel Corporation
		INF File	oem11.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FF

	Device Resources:
		IRQ	49
		Memory	FED80000-FED87FFF

[ System devices / Intel Serial IO GPIO Controller ]

	Device Properties:
		Driver Description	Intel Serial IO GPIO Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2652.361
		Driver Provider	Intel Corporation
		INF File	oem11.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FF

	Device Resources:
		IRQ	50
		Memory	FED90000-FED97FFF

[ System devices / Intel Serial IO GPIO Controller ]

	Device Properties:
		Driver Description	Intel Serial IO GPIO Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2652.361
		Driver Provider	Intel Corporation
		INF File	oem11.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FF

	Device Resources:
		IRQ	91
		Memory	FED98000-FED9FFFF

[ System devices / Intel Serial IO GPIO Controller ]

	Device Properties:
		Driver Description	Intel Serial IO GPIO Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2652.361
		Driver Provider	Intel Corporation
		INF File	oem11.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FF

	Device Resources:
		IRQ	108
		Memory	FEDA0000-FEDA7FFF

[ System devices / Intel Serial IO GPIO Controller ]

	Device Properties:
		Driver Description	Intel Serial IO GPIO Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2652.361
		Driver Provider	Intel Corporation
		INF File	oem11.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FF

	Device Resources:
		IRQ	48
		Memory	FED88000-FED8FFFF

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Display Participant Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	ACPI\VEN_INT&DEV_3406

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	ACPI\VEN_INT&DEV_3400

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	ACPI\VEN_INT&DEV_3403

	Device Resources:
		IRQ	1024

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	ACPI\VEN_INT&DEV_3403

	Device Resources:
		IRQ	1036

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	ACPI\VEN_INT&DEV_3403

	Device Resources:
		IRQ	1037

[ System devices / Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver ]

	Device Properties:
		Driver Description	Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
		Driver Date	10/06/2015
		Driver Version	604.10146.2651.1559
		Driver Provider	Intel
		INF File	oem19.inf
		Hardware ID	PCI\VEN_8086&DEV_22DC&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 11, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - P-Unit

	Device Resources:
		IRQ	65536
		Memory	DFBFE000-DFBFEFFF

[ System devices / Intel(R) Imaging Signal Processor 2401 ]

	Device Properties:
		Driver Description	Intel(R) Imaging Signal Processor 2401
		Driver Date	02/07/2015
		Driver Version	21.10154.5886.364
		Driver Provider	Intel Corporation
		INF File	oem4.inf
		Hardware ID	PCI\VEN_8086&DEV_22B8&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 3, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - Image Signal Processor

	Device Resources:
		IRQ	65536
		Memory	DFC00000-DFFFFFFF

[ System devices / Intel(R) Integrated Sensor Solution ]

	Device Properties:
		Driver Description	Intel(R) Integrated Sensor Solution
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Intel
		INF File	oem22.inf
		Hardware ID	PCI\VEN_8086&DEV_22D8&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 10, function 0
		PCI Device	Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]

	Device Resources:
		IRQ	20
		Memory	DFBFF000-DFBFFFFF

[ System devices / Intel(R) Power Engine Plug-in ]

	Device Properties:
		Driver Description	Intel(R) Power Engine Plug-in
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	intelpep.inf
		Hardware ID	ACPI\VEN_INT&DEV_33A4

[ System devices / Intel(R) Power Management IC Device ]

	Device Properties:
		Driver Description	Intel(R) Power Management IC Device
		Driver Date	25/05/2015
		Driver Version	604.10146.2656.541
		Driver Provider	Intel Corporation
		INF File	oem1.inf
		Hardware ID	ACPI\VEN_INT&DEV_33FD&REV_0003

	Device Resources:
		IRQ	1030

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	00
		DMA	01
		IRQ	-1853816800
		Memory	91830000-91830FFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	02
		DMA	03
		IRQ	4456481
		Memory	9182E000-9182EFFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	04
		DMA	05
		IRQ	-1853816798
		Memory	9182C000-9182CFFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	00
		DMA	01
		IRQ	4456484
		Memory	91828000-91828FFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	02
		DMA	03
		IRQ	37
		Memory	91826000-91826FFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	04
		DMA	05
		IRQ	-1853816794
		Memory	91824000-91824FFF

[ System devices / Intel(R) Serial IO I2C ES Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO I2C ES Controller
		Driver Date	30/06/2015
		Driver Version	604.10146.2654.2819
		Driver Provider	Intel Corporation
		INF File	oem10.inf
		Hardware ID	ACPI\VEN_8086&DEV_22C1

	Device Resources:
		DMA	06
		DMA	07
		IRQ	7274531
		Memory	9182A000-9182AFFF

[ System devices / Intel(R) Serial IO SPI Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO SPI Controller
		Driver Date	01/06/2015
		Driver Version	604.10146.2657.947
		Driver Provider	Intel Corporation
		INF File	oem15.inf
		Hardware ID	ACPI\VEN_8086&DEV_228E

	Device Resources:
		DMA	06
		DMA	07
		IRQ	89
		Memory	9181B000-9181BFFF

[ System devices / Intel(R) Serial IO SPI Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO SPI Controller
		Driver Date	01/06/2015
		Driver Version	604.10146.2657.947
		Driver Provider	Intel Corporation
		INF File	oem15.inf
		Hardware ID	ACPI\VEN_8086&DEV_228E

	Device Resources:
		DMA	08
		DMA	09
		IRQ	90
		Memory	91819000-91819FFF

[ System devices / Intel(R) Serial IO SPI Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO SPI Controller
		Driver Date	01/06/2015
		Driver Version	604.10146.2657.947
		Driver Provider	Intel Corporation
		INF File	oem15.inf
		Hardware ID	ACPI\VEN_8086&DEV_228E

	Device Resources:
		DMA	00
		DMA	01
		IRQ	41
		Memory	9181D000-9181DFFF

[ System devices / Intel(R) Serial IO UART Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO UART Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2653.391
		Driver Provider	Intel Corporation
		INF File	oem13.inf
		Hardware ID	ACPI\VEN_8086&DEV_228A

	Device Resources:
		DMA	02
		DMA	03
		IRQ	39
		Memory	91821000-91821FFF

[ System devices / Intel(R) Serial IO UART Controller ]

	Device Properties:
		Driver Description	Intel(R) Serial IO UART Controller
		Driver Date	21/05/2015
		Driver Version	604.10146.2653.391
		Driver Provider	Intel Corporation
		INF File	oem13.inf
		Hardware ID	ACPI\VEN_8086&DEV_228A

	Device Resources:
		DMA	04
		DMA	05
		IRQ	40
		Memory	9181F000-9181FFFF

[ System devices / Intel(R) Sideband Fabric Device ]

	Device Properties:
		Driver Description	Intel(R) Sideband Fabric Device
		Driver Date	26/05/2015
		Driver Version	604.10146.2655.573
		Driver Provider	Intel Corporation
		INF File	oem16.inf
		Hardware ID	ACPI\VEN_INT&DEV_33BD&REV_0002

	Device Resources:
		Memory	E00000D0-E00000DF

[ System devices / Intel(R) Trusted Execution Engine Interface ]

	Device Properties:
		Driver Description	Intel(R) Trusted Execution Engine Interface
		Driver Date	16/06/2015
		Driver Version	2.0.0.1067
		Driver Provider	Intel
		INF File	oem24.inf
		Hardware ID	PCI\VEN_8086&DEV_2298&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 26, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - Trusted Execution Engine

	Device Resources:
		IRQ	65536
		Memory	91600000-916FFFFF
		Memory	91700000-917FFFFF

[ System devices / ISS Dynamic Bus Enumerator ]

	Device Properties:
		Driver Description	ISS Dynamic Bus Enumerator
		Driver Date	02/07/2015
		Driver Version	2.0.0.3012
		Driver Provider	Intel
		INF File	oem0.inf
		Hardware ID	{DEA5AE2A-D1FD-438A-A091-CBD484788435}\ISH_BUS
		Location Information	ISH HECI BUS

[ System devices / Legacy device ]

	Device Properties:
		Driver Description	Legacy device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_0800

[ System devices / Microsoft ACPI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant System
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16397
		Driver Provider	Microsoft
		INF File	acpi.inf
		Hardware ID	ACPI_HAL\PNP0C08
		PnP Device	ACPI Driver/BIOS

	Device Resources:
		IRQ	100
		IRQ	101
		IRQ	102
		IRQ	103
		IRQ	104
		IRQ	105
		IRQ	106
		IRQ	107
		IRQ	108
		IRQ	109
		IRQ	110
		IRQ	111
		IRQ	112
		IRQ	113
		IRQ	114
		IRQ	115
		IRQ	116
		IRQ	117
		IRQ	118
		IRQ	119
		IRQ	120
		IRQ	121
		IRQ	122
		IRQ	123
		IRQ	124
		IRQ	125
		IRQ	126
		IRQ	127
		IRQ	128
		IRQ	129
		IRQ	130
		IRQ	131
		IRQ	132
		IRQ	133
		IRQ	134
		IRQ	135
		IRQ	136
		IRQ	137
		IRQ	138
		IRQ	139
		IRQ	140
		IRQ	141
		IRQ	142
		IRQ	143
		IRQ	144
		IRQ	145
		IRQ	146
		IRQ	147
		IRQ	148
		IRQ	149
		IRQ	150
		IRQ	151
		IRQ	152
		IRQ	153
		IRQ	154
		IRQ	155
		IRQ	156
		IRQ	157
		IRQ	158
		IRQ	159
		IRQ	160
		IRQ	161
		IRQ	162
		IRQ	163
		IRQ	164
		IRQ	165
		IRQ	166
		IRQ	167
		IRQ	168
		IRQ	169
		IRQ	170
		IRQ	171
		IRQ	172
		IRQ	173
		IRQ	174
		IRQ	175
		IRQ	176
		IRQ	177
		IRQ	178
		IRQ	179
		IRQ	180
		IRQ	181
		IRQ	182
		IRQ	183
		IRQ	184
		IRQ	185
		IRQ	186
		IRQ	187
		IRQ	188
		IRQ	189
		IRQ	190
		IRQ	191
		IRQ	192
		IRQ	193
		IRQ	194
		IRQ	195
		IRQ	196
		IRQ	197
		IRQ	198
		IRQ	199
		IRQ	200
		IRQ	201
		IRQ	202
		IRQ	203
		IRQ	204
		IRQ	256
		IRQ	257
		IRQ	258
		IRQ	259
		IRQ	260
		IRQ	261
		IRQ	262
		IRQ	263
		IRQ	264
		IRQ	265
		IRQ	266
		IRQ	267
		IRQ	268
		IRQ	269
		IRQ	270
		IRQ	271
		IRQ	272
		IRQ	273
		IRQ	274
		IRQ	275
		IRQ	276
		IRQ	277
		IRQ	278
		IRQ	279
		IRQ	280
		IRQ	281
		IRQ	282
		IRQ	283
		IRQ	284
		IRQ	285
		IRQ	286
		IRQ	287
		IRQ	288
		IRQ	289
		IRQ	290
		IRQ	291
		IRQ	292
		IRQ	293
		IRQ	294
		IRQ	295
		IRQ	296
		IRQ	297
		IRQ	298
		IRQ	299
		IRQ	300
		IRQ	301
		IRQ	302
		IRQ	303
		IRQ	304
		IRQ	305
		IRQ	306
		IRQ	307
		IRQ	308
		IRQ	309
		IRQ	310
		IRQ	311
		IRQ	312
		IRQ	313
		IRQ	314
		IRQ	315
		IRQ	316
		IRQ	317
		IRQ	318
		IRQ	319
		IRQ	320
		IRQ	321
		IRQ	322
		IRQ	323
		IRQ	324
		IRQ	325
		IRQ	326
		IRQ	327
		IRQ	328
		IRQ	329
		IRQ	330
		IRQ	331
		IRQ	332
		IRQ	333
		IRQ	334
		IRQ	335
		IRQ	336
		IRQ	337
		IRQ	338
		IRQ	339
		IRQ	340
		IRQ	341
		IRQ	342
		IRQ	343
		IRQ	344
		IRQ	345
		IRQ	346
		IRQ	347
		IRQ	348
		IRQ	349
		IRQ	350
		IRQ	351
		IRQ	352
		IRQ	353
		IRQ	354
		IRQ	355
		IRQ	356
		IRQ	357
		IRQ	358
		IRQ	359
		IRQ	360
		IRQ	361
		IRQ	362
		IRQ	363
		IRQ	364
		IRQ	365
		IRQ	366
		IRQ	367
		IRQ	368
		IRQ	369
		IRQ	370
		IRQ	371
		IRQ	372
		IRQ	373
		IRQ	374
		IRQ	375
		IRQ	376
		IRQ	377
		IRQ	378
		IRQ	379
		IRQ	380
		IRQ	381
		IRQ	382
		IRQ	383
		IRQ	384
		IRQ	385
		IRQ	386
		IRQ	387
		IRQ	388
		IRQ	389
		IRQ	390
		IRQ	391
		IRQ	392
		IRQ	393
		IRQ	394
		IRQ	395
		IRQ	396
		IRQ	397
		IRQ	398
		IRQ	399
		IRQ	400
		IRQ	401
		IRQ	402
		IRQ	403
		IRQ	404
		IRQ	405
		IRQ	406
		IRQ	407
		IRQ	408
		IRQ	409
		IRQ	410
		IRQ	411
		IRQ	412
		IRQ	413
		IRQ	414
		IRQ	415
		IRQ	416
		IRQ	417
		IRQ	418
		IRQ	419
		IRQ	420
		IRQ	421
		IRQ	422
		IRQ	423
		IRQ	424
		IRQ	425
		IRQ	426
		IRQ	427
		IRQ	428
		IRQ	429
		IRQ	430
		IRQ	431
		IRQ	432
		IRQ	433
		IRQ	434
		IRQ	435
		IRQ	436
		IRQ	437
		IRQ	438
		IRQ	439
		IRQ	440
		IRQ	441
		IRQ	442
		IRQ	443
		IRQ	444
		IRQ	445
		IRQ	446
		IRQ	447
		IRQ	448
		IRQ	449
		IRQ	450
		IRQ	451
		IRQ	452
		IRQ	453
		IRQ	454
		IRQ	455
		IRQ	456
		IRQ	457
		IRQ	458
		IRQ	459
		IRQ	460
		IRQ	461
		IRQ	462
		IRQ	463
		IRQ	464
		IRQ	465
		IRQ	466
		IRQ	467
		IRQ	468
		IRQ	469
		IRQ	470
		IRQ	471
		IRQ	472
		IRQ	473
		IRQ	474
		IRQ	475
		IRQ	476
		IRQ	477
		IRQ	478
		IRQ	479
		IRQ	480
		IRQ	481
		IRQ	482
		IRQ	483
		IRQ	484
		IRQ	485
		IRQ	486
		IRQ	487
		IRQ	488
		IRQ	489
		IRQ	490
		IRQ	491
		IRQ	492
		IRQ	493
		IRQ	494
		IRQ	495
		IRQ	496
		IRQ	497
		IRQ	498
		IRQ	499
		IRQ	500
		IRQ	501
		IRQ	502
		IRQ	503
		IRQ	504
		IRQ	505
		IRQ	506
		IRQ	507
		IRQ	508
		IRQ	509
		IRQ	510
		IRQ	511
		IRQ	54
		IRQ	55
		IRQ	56
		IRQ	57
		IRQ	58
		IRQ	59
		IRQ	60
		IRQ	61
		IRQ	62
		IRQ	63
		IRQ	64
		IRQ	65
		IRQ	66
		IRQ	67
		IRQ	68
		IRQ	69
		IRQ	70
		IRQ	71
		IRQ	72
		IRQ	73
		IRQ	74
		IRQ	75
		IRQ	76
		IRQ	77
		IRQ	78
		IRQ	79
		IRQ	80
		IRQ	81
		IRQ	82
		IRQ	83
		IRQ	84
		IRQ	85
		IRQ	86
		IRQ	87
		IRQ	88
		IRQ	89
		IRQ	90
		IRQ	91
		IRQ	92
		IRQ	93
		IRQ	94
		IRQ	95
		IRQ	96
		IRQ	97
		IRQ	98
		IRQ	99

[ System devices / Microsoft Basic Display Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Display Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	basicdisplay.inf
		Hardware ID	ROOT\BasicDisplay

[ System devices / Microsoft Basic Render Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Render Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	basicrender.inf
		Hardware ID	ROOT\BasicRender

[ System devices / Microsoft System Management BIOS Driver ]

	Device Properties:
		Driver Description	Microsoft System Management BIOS Driver
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	mssmbios.inf
		Hardware ID	ROOT\mssmbios

[ System devices / Microsoft UEFI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft UEFI-Compliant System
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	uefi.inf
		Hardware ID	ACPI_HAL\UEFI

[ System devices / Microsoft Virtual Drive Enumerator ]

	Device Properties:
		Driver Description	Microsoft Virtual Drive Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	vdrvroot.inf
		Hardware ID	ROOT\vdrvroot

[ System devices / Microsoft Windows Management Interface for ACPI ]

	Device Properties:
		Driver Description	Microsoft Windows Management Interface for ACPI
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	wmiacpi.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C14

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / NDIS Virtual Network Adapter Enumerator ]

	Device Properties:
		Driver Description	NDIS Virtual Network Adapter Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	ndisvirtualbus.inf
		Hardware ID	ROOT\NdisVirtualBus

[ System devices / PCI Express Root Complex ]

	Device Properties:
		Driver Description	PCI Express Root Complex
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16390
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0A08

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	000C0000-000DFFFF
		Memory	000E0000-000FFFFF
		Memory	20000000-201FFFFF
		Memory	7CC00001-7EC00000
		Memory	80000000-DFFFFFFF
		Port	0000-006F
		Port	0078-0CF7
		Port	0D00-FFFF

[ System devices / PCI standard host CPU bridge ]

	Device Properties:
		Driver Description	PCI standard host CPU bridge
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_2280&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 0, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - Transaction Router

[ System devices / PCI standard ISA bridge ]

	Device Properties:
		Driver Description	PCI standard ISA bridge
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_229C&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 31, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC

[ System devices / Plug and Play Software Device Enumerator ]

	Device Properties:
		Driver Description	Plug and Play Software Device Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	swenum.inf
		Hardware ID	ROOT\SWENUM

[ System devices / Programmable interrupt controller ]

	Device Properties:
		Driver Description	Programmable interrupt controller
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0000

[ System devices / Remote Desktop Device Redirector Bus ]

	Device Properties:
		Driver Description	Remote Desktop Device Redirector Bus
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	rdpbus.inf
		Hardware ID	ROOT\RDPBUS

[ System devices / System CMOS/real time clock ]

	Device Properties:
		Driver Description	System CMOS/real time clock
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0B00

	Device Resources:
		Port	0070-0077

[ System devices / System timer ]

	Device Properties:
		Driver Description	System timer
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0100

[ System devices / UMBus Root Bus Enumerator ]

	Device Properties:
		Driver Description	UMBus Root Bus Enumerator
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	umbus.inf
		Hardware ID	root\umbus

[ System devices / Volume Manager ]

	Device Properties:
		Driver Description	Volume Manager
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volmgr.inf
		Hardware ID	ROOT\VOLMGR

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	02/08/2015
		Driver Version	10.0.10240.16425
		Driver Provider	Microsoft
		INF File	usbhub3.inf
		Hardware ID	USB\VID_05E3&PID_0610&REV_3298
		Location Information	Port_#0003.Hub_#0001

[ Universal Serial Bus controllers / Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) ]

	Device Properties:
		Driver Description	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
		Driver Date	09/07/2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usbxhci.inf
		Hardware ID	PCI\VEN_8086&DEV_22B5&SUBSYS_1BDD1043&REV_20
		Location Information	PCI bus 0, device 20, function 0
		PCI Device	Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller

	Device Resources:
		IRQ	65536
		Memory	91800000-9180FFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	21/06/2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_0B05&PID_1807&REV_0011
		Location Information	Port_#0003.Hub_#0002

[ Universal Serial Bus controllers / USB Root Hub (xHCI) ]

	Device Properties:
		Driver Description	USB Root Hub (xHCI)
		Driver Date	02/08/2015
		Driver Version	10.0.10240.16425
		Driver Provider	Microsoft
		INF File	usbhub3.inf
		Hardware ID	USB\ROOT_HUB30&VID8086&PID22B5&REV0020

[ Unknown / Unknown ]

	Device Properties:
		Driver Description	Unknown

Physical Devices


PCI Devices:
	Bus 0, Device 2, Function 0	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
	Bus 0, Device 31, Function 0	Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
	Bus 0, Device 11, Function 0	Intel Cherry Trail / Braswell SoC - P-Unit
	Bus 0, Device 0, Function 0	Intel Cherry Trail / Braswell SoC - Transaction Router
	Bus 0, Device 26, Function 0	Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
	Bus 0, Device 20, Function 0	Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
	Bus 0, Device 10, Function 0	Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]

PnP Devices:
	PNP0501	16550A-compatible UART Serial Port
	PNP0C08	ACPI Driver/BIOS
	FIXEDBUTTON	ACPI Fixed Feature Button
	PNP0C14	ACPI Management Interface
	ACPI000C	ACPI Processor Aggregator
	THERMALZONE	ACPI Thermal Zone
	PNP0A08	ACPI Three-wire Device Bus
	BCM2E72	Broadcom Serial Bus Driver over UART Bus Enumerator [NoDB]
	OVTI5670	Camera Sensor ov5670
	HIMX2051	Camera Sensor Unicam hm2051
	PNP0C0A	Control Method Battery
	ACPI0011	HID Button over Interrupt Driver
	PNP0103	High Precision Event Timer
	SIS0457	I2C HID Device [NoDB]
	INT3406	Intel Dynamic Platform & Thermal Framework Display Participant
	INT3403	Intel Dynamic Platform & Thermal Framework Generic Participant
	INT3403	Intel Dynamic Platform & Thermal Framework Generic Participant
	INT3403	Intel Dynamic Platform & Thermal Framework Generic Participant
	INT3400	Intel Dynamic Platform & Thermal Framework
	INT0800	Intel Flash EEPROM
	INT33D3	Intel GPIO Button
	INT33D5	Intel HID Event Filter
	INT33BD	Intel MBI Sideband Fabric Device
	INT33FD	Intel Power Management IC Device
	80860F14	Intel SD Host Controller
	80860F14	Intel SD Host Controller
	80860F14	Intel SD Host Controller
	INT33FF	Intel Serial IO GPIO Controller
	INT33FF	Intel Serial IO GPIO Controller
	INT33FF	Intel Serial IO GPIO Controller
	INT33FF	Intel Serial IO GPIO Controller
	INT33FF	Intel Serial IO GPIO Controller
	808622A8	Intel SST Audio Device (WDM)
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_76_-_______INTEL(R)_ATOM(TM)_X5-Z8500__CPU_@_1.44GHZ	Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz
	INT33A4	Intel(R) Power Engine Plug-in [NoDB]
	INTL9C60	Intel(R) Serial IO DMA Controller
	INTL9C60	Intel(R) Serial IO DMA Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	808622C1	Intel(R) Serial IO I2C ES Controller
	8086228E	Intel(R) Serial IO SPI Controller
	8086228E	Intel(R) Serial IO SPI Controller
	8086228E	Intel(R) Serial IO SPI Controller
	8086228A	Intel(R) Serial IO UART Controller
	8086228A	Intel(R) Serial IO UART Controller
	PNP0C0D	Lid
	ACPI0003	Microsoft AC Adapter
	UEFI	Microsoft UEFI-Compliant System
	PNP0C0C	Power Button
	PNP0000	Programmable Interrupt Controller
	10EC3270	Realtek I2S Audio Codec
	PNP0B00	Real-Time Clock
	PNP0C0E	Sleep Button
	PNP0100	System Timer
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	MSFT0101	Trusted Platform Module 2.0

USB Devices:
	05E3 0610	Generic USB Hub
	0B05 1807	USB Composite Device
	0458 003A	USB Input Device
	0B05 1807	USB Input Device
	0B05 1807	USB Input Device
	0B05 1807	USB Input Device

Ports:
	COM1	Communications Port (COM1)

PCI Devices


[ Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU) ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)
		Bus Type	PCI
		Bus / Device / Function	0 / 2 / 0
		Device ID	8086-22B0
		Subsystem ID	1043-1BDD
		Device Class	0300 (VGA Display Controller)
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 0
		Device ID	8086-229C
		Subsystem ID	1043-1BDD
		Device Class	0601 (PCI/ISA Bridge)
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cherry Trail / Braswell SoC - P-Unit ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - P-Unit
		Bus Type	PCI
		Bus / Device / Function	0 / 11 / 0
		Device ID	8086-22DC
		Subsystem ID	1043-1BDD
		Device Class	1180 (Data Acquisition / Signal Processing Controller)
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cherry Trail / Braswell SoC - Transaction Router ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - Transaction Router
		Bus Type	PCI
		Bus / Device / Function	0 / 0 / 0
		Device ID	8086-2280
		Subsystem ID	1043-1BDD
		Device Class	0600 (Host/PCI Bridge)
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cherry Trail / Braswell SoC - Trusted Execution Engine ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - Trusted Execution Engine
		Bus Type	PCI
		Bus / Device / Function	0 / 26 / 0
		Device ID	8086-2298
		Subsystem ID	1043-1BDD
		Device Class	1080 (En/decryption Controller)
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller ]

	Device Properties:
		Device Description	Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 20 / 0
		Device ID	8086-22B5
		Subsystem ID	1043-1BDD
		Device Class	0C03 (USB Controller)
		Revision	20
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB] ]

	Device Properties:
		Device Description	Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
		Bus Type	PCI
		Bus / Device / Function	0 / 10 / 0
		Device ID	8086-22D8
		Subsystem ID	1043-1BDD
		Revision	20
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

USB Devices


[ Generic USB Hub (USB2.0 Hub) ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	05E3-0610
		Device Class	09 / 00 (Hi-Speed Hub with multiple TTs)
		Device Protocol	02
		Product	USB2.0 Hub
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Input Device (Optical Mouse) ]

	Device Properties:
		Device Description	USB Input Device
		Device ID	0458-003A
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	02
		Manufacturer	Genius
		Product	Optical Mouse
		Supported USB Version	1.10
		Current Speed	Low (USB 1.1)

[ USB Composite Device ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	0B05-1807
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	Full (USB 1.1)

Device Resources


Resource	Share	Device Description
DMA 00	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 00	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 00	Exclusive	Intel(R) Serial IO SPI Controller
DMA 01	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 01	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 01	Exclusive	Intel(R) Serial IO SPI Controller
DMA 02	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 02	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 02	Exclusive	Intel(R) Serial IO UART Controller
DMA 03	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 03	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 03	Exclusive	Intel(R) Serial IO UART Controller
DMA 04	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 04	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 04	Exclusive	Intel(R) Serial IO UART Controller
DMA 05	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 05	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 05	Exclusive	Intel(R) Serial IO UART Controller
DMA 06	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 06	Exclusive	Intel(R) Serial IO SPI Controller
DMA 07	Exclusive	Intel(R) Serial IO I2C ES Controller
DMA 07	Exclusive	Intel(R) Serial IO SPI Controller
DMA 08	Exclusive	Intel(R) Serial IO SPI Controller
DMA 09	Exclusive	Intel(R) Serial IO SPI Controller
IRQ 04	Exclusive	Communications Port (COM1)
IRQ 100	Exclusive	Microsoft ACPI-Compliant System
IRQ 101	Exclusive	Microsoft ACPI-Compliant System
IRQ 102	Exclusive	Microsoft ACPI-Compliant System
IRQ 1024	Exclusive	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1025	Exclusive	Intel SST Audio Device (WDM)
IRQ 1028	Exclusive	Broadcom Serial Bus Driver over UART Bus Enumerator
IRQ 1029	Exclusive	Realtek I2S Audio Codec
IRQ 103	Exclusive	Microsoft ACPI-Compliant System
IRQ 1030	Shared	Intel(R) Power Management IC Device
IRQ 1031	Exclusive	HID Button over Interrupt Driver
IRQ 1032	Exclusive	HID Button over Interrupt Driver
IRQ 1033	Exclusive	HID Button over Interrupt Driver
IRQ 1034	Exclusive	HID Button over Interrupt Driver
IRQ 1035	Exclusive	HID Button over Interrupt Driver
IRQ 1036	Exclusive	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1037	Exclusive	Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
IRQ 1038	Shared	Intel SD Host Controller
IRQ 1039	Shared	I2C HID Device
IRQ 104	Exclusive	Microsoft ACPI-Compliant System
IRQ 1040	Exclusive	Broadcom 802.11abgn Wireless SDIO Adapter
IRQ 105	Exclusive	Microsoft ACPI-Compliant System
IRQ 106	Exclusive	Microsoft ACPI-Compliant System
IRQ 107	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Shared	Intel Serial IO GPIO Controller
IRQ 109	Exclusive	Microsoft ACPI-Compliant System
IRQ 110	Exclusive	Microsoft ACPI-Compliant System
IRQ 111	Exclusive	Microsoft ACPI-Compliant System
IRQ 112	Exclusive	Microsoft ACPI-Compliant System
IRQ 113	Exclusive	Microsoft ACPI-Compliant System
IRQ 114	Exclusive	Microsoft ACPI-Compliant System
IRQ 115	Exclusive	Microsoft ACPI-Compliant System
IRQ 116	Exclusive	Microsoft ACPI-Compliant System
IRQ 117	Exclusive	Microsoft ACPI-Compliant System
IRQ 118	Exclusive	Microsoft ACPI-Compliant System
IRQ 119	Exclusive	Microsoft ACPI-Compliant System
IRQ 120	Exclusive	Microsoft ACPI-Compliant System
IRQ 121	Exclusive	Microsoft ACPI-Compliant System
IRQ 122	Exclusive	Microsoft ACPI-Compliant System
IRQ 123	Exclusive	Microsoft ACPI-Compliant System
IRQ 124	Exclusive	Microsoft ACPI-Compliant System
IRQ 125	Exclusive	Microsoft ACPI-Compliant System
IRQ 126	Exclusive	Microsoft ACPI-Compliant System
IRQ 127	Exclusive	Microsoft ACPI-Compliant System
IRQ 128	Exclusive	Microsoft ACPI-Compliant System
IRQ 129	Exclusive	Microsoft ACPI-Compliant System
IRQ 130	Exclusive	Microsoft ACPI-Compliant System
IRQ 131	Exclusive	Microsoft ACPI-Compliant System
IRQ 132	Exclusive	Microsoft ACPI-Compliant System
IRQ 133	Exclusive	Microsoft ACPI-Compliant System
IRQ 134	Exclusive	Microsoft ACPI-Compliant System
IRQ 135	Exclusive	Microsoft ACPI-Compliant System
IRQ 136	Exclusive	Microsoft ACPI-Compliant System
IRQ 137	Exclusive	Microsoft ACPI-Compliant System
IRQ 138	Exclusive	Microsoft ACPI-Compliant System
IRQ 139	Exclusive	Microsoft ACPI-Compliant System
IRQ 140	Exclusive	Microsoft ACPI-Compliant System
IRQ 141	Exclusive	Microsoft ACPI-Compliant System
IRQ 142	Exclusive	Microsoft ACPI-Compliant System
IRQ 143	Exclusive	Microsoft ACPI-Compliant System
IRQ 144	Exclusive	Microsoft ACPI-Compliant System
IRQ 145	Exclusive	Microsoft ACPI-Compliant System
IRQ 146	Exclusive	Microsoft ACPI-Compliant System
IRQ 147	Exclusive	Microsoft ACPI-Compliant System
IRQ 148	Exclusive	Microsoft ACPI-Compliant System
IRQ 149	Exclusive	Microsoft ACPI-Compliant System
IRQ 150	Exclusive	Microsoft ACPI-Compliant System
IRQ 151	Exclusive	Microsoft ACPI-Compliant System
IRQ 152	Exclusive	Microsoft ACPI-Compliant System
IRQ 153	Exclusive	Microsoft ACPI-Compliant System
IRQ 154	Exclusive	Microsoft ACPI-Compliant System
IRQ 155	Exclusive	Microsoft ACPI-Compliant System
IRQ 156	Exclusive	Microsoft ACPI-Compliant System
IRQ 157	Exclusive	Microsoft ACPI-Compliant System
IRQ 158	Exclusive	Microsoft ACPI-Compliant System
IRQ 159	Exclusive	Microsoft ACPI-Compliant System
IRQ 160	Exclusive	Microsoft ACPI-Compliant System
IRQ 161	Exclusive	Microsoft ACPI-Compliant System
IRQ 162	Exclusive	Microsoft ACPI-Compliant System
IRQ 163	Exclusive	Microsoft ACPI-Compliant System
IRQ 164	Exclusive	Microsoft ACPI-Compliant System
IRQ 165	Exclusive	Microsoft ACPI-Compliant System
IRQ 166	Exclusive	Microsoft ACPI-Compliant System
IRQ 167	Exclusive	Microsoft ACPI-Compliant System
IRQ 168	Exclusive	Microsoft ACPI-Compliant System
IRQ 169	Exclusive	Microsoft ACPI-Compliant System
IRQ 170	Exclusive	Microsoft ACPI-Compliant System
IRQ 171	Exclusive	Microsoft ACPI-Compliant System
IRQ 172	Exclusive	Microsoft ACPI-Compliant System
IRQ 173	Exclusive	Microsoft ACPI-Compliant System
IRQ 174	Exclusive	Microsoft ACPI-Compliant System
IRQ 175	Exclusive	Microsoft ACPI-Compliant System
IRQ 176	Exclusive	Microsoft ACPI-Compliant System
IRQ 177	Exclusive	Microsoft ACPI-Compliant System
IRQ 178	Exclusive	Microsoft ACPI-Compliant System
IRQ 179	Exclusive	Microsoft ACPI-Compliant System
IRQ 180	Exclusive	Microsoft ACPI-Compliant System
IRQ 181	Exclusive	Microsoft ACPI-Compliant System
IRQ 182	Exclusive	Microsoft ACPI-Compliant System
IRQ 183	Exclusive	Microsoft ACPI-Compliant System
IRQ 184	Exclusive	Microsoft ACPI-Compliant System
IRQ 185	Exclusive	Microsoft ACPI-Compliant System
IRQ -1853816794	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ -1853816798	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ -1853816800	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ 186	Exclusive	Microsoft ACPI-Compliant System
IRQ 187	Exclusive	Microsoft ACPI-Compliant System
IRQ 188	Exclusive	Microsoft ACPI-Compliant System
IRQ 189	Exclusive	Microsoft ACPI-Compliant System
IRQ 190	Exclusive	Microsoft ACPI-Compliant System
IRQ 191	Exclusive	Microsoft ACPI-Compliant System
IRQ 192	Exclusive	Microsoft ACPI-Compliant System
IRQ 193	Exclusive	Microsoft ACPI-Compliant System
IRQ 194	Exclusive	Microsoft ACPI-Compliant System
IRQ 195	Exclusive	Microsoft ACPI-Compliant System
IRQ 196	Exclusive	Microsoft ACPI-Compliant System
IRQ 197	Exclusive	Microsoft ACPI-Compliant System
IRQ 198	Exclusive	Microsoft ACPI-Compliant System
IRQ 199	Exclusive	Microsoft ACPI-Compliant System
IRQ 20	Shared	Intel(R) Integrated Sensor Solution
IRQ 200	Exclusive	Microsoft ACPI-Compliant System
IRQ 201	Exclusive	Microsoft ACPI-Compliant System
IRQ 202	Exclusive	Microsoft ACPI-Compliant System
IRQ 203	Exclusive	Microsoft ACPI-Compliant System
IRQ 204	Exclusive	Microsoft ACPI-Compliant System
IRQ 24	Exclusive	Intel SST Audio Device (WDM)
IRQ 25	Exclusive	Intel SST Audio Device (WDM)
IRQ 256	Exclusive	Microsoft ACPI-Compliant System
IRQ 257	Exclusive	Microsoft ACPI-Compliant System
IRQ 258	Exclusive	Microsoft ACPI-Compliant System
IRQ 259	Exclusive	Microsoft ACPI-Compliant System
IRQ 26	Exclusive	Intel SST Audio Device (WDM)
IRQ 260	Exclusive	Microsoft ACPI-Compliant System
IRQ 261	Exclusive	Microsoft ACPI-Compliant System
IRQ 262	Exclusive	Microsoft ACPI-Compliant System
IRQ 263	Exclusive	Microsoft ACPI-Compliant System
IRQ 264	Exclusive	Microsoft ACPI-Compliant System
IRQ 265	Exclusive	Microsoft ACPI-Compliant System
IRQ 266	Exclusive	Microsoft ACPI-Compliant System
IRQ 267	Exclusive	Microsoft ACPI-Compliant System
IRQ 268	Exclusive	Microsoft ACPI-Compliant System
IRQ 269	Exclusive	Microsoft ACPI-Compliant System
IRQ 27	Exclusive	Intel SST Audio Device (WDM)
IRQ 270	Exclusive	Microsoft ACPI-Compliant System
IRQ 271	Exclusive	Microsoft ACPI-Compliant System
IRQ 272	Exclusive	Microsoft ACPI-Compliant System
IRQ 273	Exclusive	Microsoft ACPI-Compliant System
IRQ 274	Exclusive	Microsoft ACPI-Compliant System
IRQ 275	Exclusive	Microsoft ACPI-Compliant System
IRQ 276	Exclusive	Microsoft ACPI-Compliant System
IRQ 277	Exclusive	Microsoft ACPI-Compliant System
IRQ 278	Exclusive	Microsoft ACPI-Compliant System
IRQ 279	Exclusive	Microsoft ACPI-Compliant System
IRQ 28	Exclusive	Intel SST Audio Device (WDM)
IRQ 280	Exclusive	Microsoft ACPI-Compliant System
IRQ 281	Exclusive	Microsoft ACPI-Compliant System
IRQ 282	Exclusive	Microsoft ACPI-Compliant System
IRQ 283	Exclusive	Microsoft ACPI-Compliant System
IRQ 284	Exclusive	Microsoft ACPI-Compliant System
IRQ 285	Exclusive	Microsoft ACPI-Compliant System
IRQ 286	Exclusive	Microsoft ACPI-Compliant System
IRQ 287	Exclusive	Microsoft ACPI-Compliant System
IRQ 288	Exclusive	Microsoft ACPI-Compliant System
IRQ 289	Exclusive	Microsoft ACPI-Compliant System
IRQ 29	Exclusive	Intel SST Audio Device (WDM)
IRQ 290	Exclusive	Microsoft ACPI-Compliant System
IRQ 291	Exclusive	Microsoft ACPI-Compliant System
IRQ 292	Exclusive	Microsoft ACPI-Compliant System
IRQ 293	Exclusive	Microsoft ACPI-Compliant System
IRQ 294	Exclusive	Microsoft ACPI-Compliant System
IRQ 295	Exclusive	Microsoft ACPI-Compliant System
IRQ 296	Exclusive	Microsoft ACPI-Compliant System
IRQ 297	Exclusive	Microsoft ACPI-Compliant System
IRQ 298	Exclusive	Microsoft ACPI-Compliant System
IRQ 299	Exclusive	Microsoft ACPI-Compliant System
IRQ 300	Exclusive	Microsoft ACPI-Compliant System
IRQ 301	Exclusive	Microsoft ACPI-Compliant System
IRQ 302	Exclusive	Microsoft ACPI-Compliant System
IRQ 303	Exclusive	Microsoft ACPI-Compliant System
IRQ 304	Exclusive	Microsoft ACPI-Compliant System
IRQ 305	Exclusive	Microsoft ACPI-Compliant System
IRQ 306	Exclusive	Microsoft ACPI-Compliant System
IRQ 307	Exclusive	Microsoft ACPI-Compliant System
IRQ 308	Exclusive	Microsoft ACPI-Compliant System
IRQ 309	Exclusive	Microsoft ACPI-Compliant System
IRQ 310	Exclusive	Microsoft ACPI-Compliant System
IRQ 311	Exclusive	Microsoft ACPI-Compliant System
IRQ 312	Exclusive	Microsoft ACPI-Compliant System
IRQ 313	Exclusive	Microsoft ACPI-Compliant System
IRQ 314	Exclusive	Microsoft ACPI-Compliant System
IRQ 315	Exclusive	Microsoft ACPI-Compliant System
IRQ 316	Exclusive	Microsoft ACPI-Compliant System
IRQ 317	Exclusive	Microsoft ACPI-Compliant System
IRQ 318	Exclusive	Microsoft ACPI-Compliant System
IRQ 319	Exclusive	Microsoft ACPI-Compliant System
IRQ 320	Exclusive	Microsoft ACPI-Compliant System
IRQ 321	Exclusive	Microsoft ACPI-Compliant System
IRQ 322	Exclusive	Microsoft ACPI-Compliant System
IRQ 323	Exclusive	Microsoft ACPI-Compliant System
IRQ 324	Exclusive	Microsoft ACPI-Compliant System
IRQ 325	Exclusive	Microsoft ACPI-Compliant System
IRQ 326	Exclusive	Microsoft ACPI-Compliant System
IRQ 327	Exclusive	Microsoft ACPI-Compliant System
IRQ 328	Exclusive	Microsoft ACPI-Compliant System
IRQ 329	Exclusive	Microsoft ACPI-Compliant System
IRQ 330	Exclusive	Microsoft ACPI-Compliant System
IRQ 331	Exclusive	Microsoft ACPI-Compliant System
IRQ 332	Exclusive	Microsoft ACPI-Compliant System
IRQ 333	Exclusive	Microsoft ACPI-Compliant System
IRQ 334	Exclusive	Microsoft ACPI-Compliant System
IRQ 335	Exclusive	Microsoft ACPI-Compliant System
IRQ 336	Exclusive	Microsoft ACPI-Compliant System
IRQ 337	Exclusive	Microsoft ACPI-Compliant System
IRQ 338	Exclusive	Microsoft ACPI-Compliant System
IRQ 339	Exclusive	Microsoft ACPI-Compliant System
IRQ 340	Exclusive	Microsoft ACPI-Compliant System
IRQ 341	Exclusive	Microsoft ACPI-Compliant System
IRQ 342	Exclusive	Microsoft ACPI-Compliant System
IRQ 343	Exclusive	Microsoft ACPI-Compliant System
IRQ 344	Exclusive	Microsoft ACPI-Compliant System
IRQ 345	Exclusive	Microsoft ACPI-Compliant System
IRQ 346	Exclusive	Microsoft ACPI-Compliant System
IRQ 347	Exclusive	Microsoft ACPI-Compliant System
IRQ 348	Exclusive	Microsoft ACPI-Compliant System
IRQ 349	Exclusive	Microsoft ACPI-Compliant System
IRQ 350	Exclusive	Microsoft ACPI-Compliant System
IRQ 351	Exclusive	Microsoft ACPI-Compliant System
IRQ 352	Exclusive	Microsoft ACPI-Compliant System
IRQ 353	Exclusive	Microsoft ACPI-Compliant System
IRQ 354	Exclusive	Microsoft ACPI-Compliant System
IRQ 355	Exclusive	Microsoft ACPI-Compliant System
IRQ 356	Exclusive	Microsoft ACPI-Compliant System
IRQ 357	Exclusive	Microsoft ACPI-Compliant System
IRQ 358	Exclusive	Microsoft ACPI-Compliant System
IRQ 359	Exclusive	Microsoft ACPI-Compliant System
IRQ 360	Exclusive	Microsoft ACPI-Compliant System
IRQ 361	Exclusive	Microsoft ACPI-Compliant System
IRQ 362	Exclusive	Microsoft ACPI-Compliant System
IRQ 363	Exclusive	Microsoft ACPI-Compliant System
IRQ 364	Exclusive	Microsoft ACPI-Compliant System
IRQ 365	Exclusive	Microsoft ACPI-Compliant System
IRQ 366	Exclusive	Microsoft ACPI-Compliant System
IRQ 367	Exclusive	Microsoft ACPI-Compliant System
IRQ 368	Exclusive	Microsoft ACPI-Compliant System
IRQ 369	Exclusive	Microsoft ACPI-Compliant System
IRQ 37	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ 370	Exclusive	Microsoft ACPI-Compliant System
IRQ 371	Exclusive	Microsoft ACPI-Compliant System
IRQ 372	Exclusive	Microsoft ACPI-Compliant System
IRQ 373	Exclusive	Microsoft ACPI-Compliant System
IRQ 374	Exclusive	Microsoft ACPI-Compliant System
IRQ 375	Exclusive	Microsoft ACPI-Compliant System
IRQ 376	Exclusive	Microsoft ACPI-Compliant System
IRQ 377	Exclusive	Microsoft ACPI-Compliant System
IRQ 378	Exclusive	Microsoft ACPI-Compliant System
IRQ 379	Exclusive	Microsoft ACPI-Compliant System
IRQ 380	Exclusive	Microsoft ACPI-Compliant System
IRQ 381	Exclusive	Microsoft ACPI-Compliant System
IRQ 382	Exclusive	Microsoft ACPI-Compliant System
IRQ 383	Exclusive	Microsoft ACPI-Compliant System
IRQ 384	Exclusive	Microsoft ACPI-Compliant System
IRQ 385	Exclusive	Microsoft ACPI-Compliant System
IRQ 386	Exclusive	Microsoft ACPI-Compliant System
IRQ 387	Exclusive	Microsoft ACPI-Compliant System
IRQ 388	Exclusive	Microsoft ACPI-Compliant System
IRQ 389	Exclusive	Microsoft ACPI-Compliant System
IRQ 39	Exclusive	Intel(R) Serial IO UART Controller
IRQ 390	Exclusive	Microsoft ACPI-Compliant System
IRQ 391	Exclusive	Microsoft ACPI-Compliant System
IRQ 392	Exclusive	Microsoft ACPI-Compliant System
IRQ 393	Exclusive	Microsoft ACPI-Compliant System
IRQ 394	Exclusive	Microsoft ACPI-Compliant System
IRQ 395	Exclusive	Microsoft ACPI-Compliant System
IRQ 396	Exclusive	Microsoft ACPI-Compliant System
IRQ 397	Exclusive	Microsoft ACPI-Compliant System
IRQ 398	Exclusive	Microsoft ACPI-Compliant System
IRQ 399	Exclusive	Microsoft ACPI-Compliant System
IRQ 40	Exclusive	Intel(R) Serial IO UART Controller
IRQ 400	Exclusive	Microsoft ACPI-Compliant System
IRQ 401	Exclusive	Microsoft ACPI-Compliant System
IRQ 402	Exclusive	Microsoft ACPI-Compliant System
IRQ 403	Exclusive	Microsoft ACPI-Compliant System
IRQ 404	Exclusive	Microsoft ACPI-Compliant System
IRQ 405	Exclusive	Microsoft ACPI-Compliant System
IRQ 406	Exclusive	Microsoft ACPI-Compliant System
IRQ 407	Exclusive	Microsoft ACPI-Compliant System
IRQ 408	Exclusive	Microsoft ACPI-Compliant System
IRQ 409	Exclusive	Microsoft ACPI-Compliant System
IRQ 41	Exclusive	Intel(R) Serial IO SPI Controller
IRQ 410	Exclusive	Microsoft ACPI-Compliant System
IRQ 411	Exclusive	Microsoft ACPI-Compliant System
IRQ 412	Exclusive	Microsoft ACPI-Compliant System
IRQ 413	Exclusive	Microsoft ACPI-Compliant System
IRQ 414	Exclusive	Microsoft ACPI-Compliant System
IRQ 415	Exclusive	Microsoft ACPI-Compliant System
IRQ 416	Exclusive	Microsoft ACPI-Compliant System
IRQ 417	Exclusive	Microsoft ACPI-Compliant System
IRQ 418	Exclusive	Microsoft ACPI-Compliant System
IRQ 419	Exclusive	Microsoft ACPI-Compliant System
IRQ 420	Exclusive	Microsoft ACPI-Compliant System
IRQ 421	Exclusive	Microsoft ACPI-Compliant System
IRQ 422	Exclusive	Microsoft ACPI-Compliant System
IRQ 423	Exclusive	Microsoft ACPI-Compliant System
IRQ 424	Exclusive	Microsoft ACPI-Compliant System
IRQ 425	Exclusive	Microsoft ACPI-Compliant System
IRQ 426	Exclusive	Microsoft ACPI-Compliant System
IRQ 427	Exclusive	Microsoft ACPI-Compliant System
IRQ 428	Exclusive	Microsoft ACPI-Compliant System
IRQ 429	Exclusive	Microsoft ACPI-Compliant System
IRQ 430	Exclusive	Microsoft ACPI-Compliant System
IRQ 431	Exclusive	Microsoft ACPI-Compliant System
IRQ 432	Exclusive	Microsoft ACPI-Compliant System
IRQ 433	Exclusive	Microsoft ACPI-Compliant System
IRQ 434	Exclusive	Microsoft ACPI-Compliant System
IRQ 435	Exclusive	Microsoft ACPI-Compliant System
IRQ 436	Exclusive	Microsoft ACPI-Compliant System
IRQ 437	Exclusive	Microsoft ACPI-Compliant System
IRQ 438	Exclusive	Microsoft ACPI-Compliant System
IRQ 439	Exclusive	Microsoft ACPI-Compliant System
IRQ 440	Exclusive	Microsoft ACPI-Compliant System
IRQ 441	Exclusive	Microsoft ACPI-Compliant System
IRQ 442	Exclusive	Microsoft ACPI-Compliant System
IRQ 443	Exclusive	Microsoft ACPI-Compliant System
IRQ 444	Exclusive	Microsoft ACPI-Compliant System
IRQ 445	Exclusive	Microsoft ACPI-Compliant System
IRQ 4456481	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ 4456484	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ 446	Exclusive	Microsoft ACPI-Compliant System
IRQ 447	Exclusive	Microsoft ACPI-Compliant System
IRQ 448	Exclusive	Microsoft ACPI-Compliant System
IRQ 449	Exclusive	Microsoft ACPI-Compliant System
IRQ 45	Exclusive	Intel SD Host Controller
IRQ 450	Exclusive	Microsoft ACPI-Compliant System
IRQ 451	Exclusive	Microsoft ACPI-Compliant System
IRQ 452	Exclusive	Microsoft ACPI-Compliant System
IRQ 453	Exclusive	Microsoft ACPI-Compliant System
IRQ 454	Exclusive	Microsoft ACPI-Compliant System
IRQ 455	Exclusive	Microsoft ACPI-Compliant System
IRQ 456	Exclusive	Microsoft ACPI-Compliant System
IRQ 457	Exclusive	Microsoft ACPI-Compliant System
IRQ 458	Exclusive	Microsoft ACPI-Compliant System
IRQ 459	Exclusive	Microsoft ACPI-Compliant System
IRQ 46	Exclusive	Intel SD Host Controller
IRQ 460	Exclusive	Microsoft ACPI-Compliant System
IRQ 461	Exclusive	Microsoft ACPI-Compliant System
IRQ 462	Exclusive	Microsoft ACPI-Compliant System
IRQ 463	Exclusive	Microsoft ACPI-Compliant System
IRQ 464	Exclusive	Microsoft ACPI-Compliant System
IRQ 465	Exclusive	Microsoft ACPI-Compliant System
IRQ 466	Exclusive	Microsoft ACPI-Compliant System
IRQ 467	Exclusive	Microsoft ACPI-Compliant System
IRQ 468	Exclusive	Microsoft ACPI-Compliant System
IRQ 469	Exclusive	Microsoft ACPI-Compliant System
IRQ 47	Exclusive	Intel SD Host Controller
IRQ 470	Exclusive	Microsoft ACPI-Compliant System
IRQ 471	Exclusive	Microsoft ACPI-Compliant System
IRQ 472	Exclusive	Microsoft ACPI-Compliant System
IRQ 473	Exclusive	Microsoft ACPI-Compliant System
IRQ 474	Exclusive	Microsoft ACPI-Compliant System
IRQ 475	Exclusive	Microsoft ACPI-Compliant System
IRQ 476	Exclusive	Microsoft ACPI-Compliant System
IRQ 477	Exclusive	Microsoft ACPI-Compliant System
IRQ 478	Exclusive	Microsoft ACPI-Compliant System
IRQ 479	Exclusive	Microsoft ACPI-Compliant System
IRQ 48	Shared	Intel Serial IO GPIO Controller
IRQ 480	Exclusive	Microsoft ACPI-Compliant System
IRQ 481	Exclusive	Microsoft ACPI-Compliant System
IRQ 482	Exclusive	Microsoft ACPI-Compliant System
IRQ 483	Exclusive	Microsoft ACPI-Compliant System
IRQ 484	Exclusive	Microsoft ACPI-Compliant System
IRQ 485	Exclusive	Microsoft ACPI-Compliant System
IRQ 486	Exclusive	Microsoft ACPI-Compliant System
IRQ 487	Exclusive	Microsoft ACPI-Compliant System
IRQ 488	Exclusive	Microsoft ACPI-Compliant System
IRQ 489	Exclusive	Microsoft ACPI-Compliant System
IRQ 49	Shared	Intel Serial IO GPIO Controller
IRQ 490	Exclusive	Microsoft ACPI-Compliant System
IRQ 491	Exclusive	Microsoft ACPI-Compliant System
IRQ 492	Exclusive	Microsoft ACPI-Compliant System
IRQ 493	Exclusive	Microsoft ACPI-Compliant System
IRQ 494	Exclusive	Microsoft ACPI-Compliant System
IRQ 495	Exclusive	Microsoft ACPI-Compliant System
IRQ 496	Exclusive	Microsoft ACPI-Compliant System
IRQ 497	Exclusive	Microsoft ACPI-Compliant System
IRQ 498	Exclusive	Microsoft ACPI-Compliant System
IRQ 499	Exclusive	Microsoft ACPI-Compliant System
IRQ 50	Shared	Intel Serial IO GPIO Controller
IRQ 500	Exclusive	Microsoft ACPI-Compliant System
IRQ 501	Exclusive	Microsoft ACPI-Compliant System
IRQ 502	Exclusive	Microsoft ACPI-Compliant System
IRQ 503	Exclusive	Microsoft ACPI-Compliant System
IRQ 504	Exclusive	Microsoft ACPI-Compliant System
IRQ 505	Exclusive	Microsoft ACPI-Compliant System
IRQ 506	Exclusive	Microsoft ACPI-Compliant System
IRQ 507	Exclusive	Microsoft ACPI-Compliant System
IRQ 508	Exclusive	Microsoft ACPI-Compliant System
IRQ 509	Exclusive	Microsoft ACPI-Compliant System
IRQ 510	Exclusive	Microsoft ACPI-Compliant System
IRQ 511	Exclusive	Microsoft ACPI-Compliant System
IRQ 54	Exclusive	Microsoft ACPI-Compliant System
IRQ 55	Exclusive	Microsoft ACPI-Compliant System
IRQ 56	Exclusive	Microsoft ACPI-Compliant System
IRQ 57	Exclusive	Microsoft ACPI-Compliant System
IRQ 58	Exclusive	Microsoft ACPI-Compliant System
IRQ 59	Exclusive	Microsoft ACPI-Compliant System
IRQ 60	Exclusive	Microsoft ACPI-Compliant System
IRQ 61	Exclusive	Microsoft ACPI-Compliant System
IRQ 62	Exclusive	Microsoft ACPI-Compliant System
IRQ 63	Exclusive	Microsoft ACPI-Compliant System
IRQ 64	Exclusive	Microsoft ACPI-Compliant System
IRQ 65	Exclusive	Microsoft ACPI-Compliant System
IRQ 65536	Exclusive	Intel(R) HD Graphics
IRQ 65536	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
IRQ 65536	Exclusive	Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
IRQ 65536	Exclusive	Intel(R) Imaging Signal Processor 2401
IRQ 65536	Exclusive	Intel(R) Trusted Execution Engine Interface
IRQ 66	Exclusive	Microsoft ACPI-Compliant System
IRQ 67	Exclusive	Microsoft ACPI-Compliant System
IRQ 68	Exclusive	Microsoft ACPI-Compliant System
IRQ 69	Exclusive	Microsoft ACPI-Compliant System
IRQ 70	Exclusive	Microsoft ACPI-Compliant System
IRQ 71	Exclusive	Microsoft ACPI-Compliant System
IRQ 72	Exclusive	Microsoft ACPI-Compliant System
IRQ 7274531	Exclusive	Intel(R) Serial IO I2C ES Controller
IRQ 73	Exclusive	Microsoft ACPI-Compliant System
IRQ 74	Exclusive	Microsoft ACPI-Compliant System
IRQ 75	Exclusive	Microsoft ACPI-Compliant System
IRQ 76	Exclusive	Microsoft ACPI-Compliant System
IRQ 77	Exclusive	Microsoft ACPI-Compliant System
IRQ 78	Exclusive	Microsoft ACPI-Compliant System
IRQ 79	Exclusive	Microsoft ACPI-Compliant System
IRQ 80	Exclusive	Microsoft ACPI-Compliant System
IRQ 81	Exclusive	Microsoft ACPI-Compliant System
IRQ 82	Exclusive	Microsoft ACPI-Compliant System
IRQ 83	Exclusive	Microsoft ACPI-Compliant System
IRQ 84	Exclusive	Microsoft ACPI-Compliant System
IRQ 85	Exclusive	Microsoft ACPI-Compliant System
IRQ 86	Exclusive	Microsoft ACPI-Compliant System
IRQ 87	Exclusive	Microsoft ACPI-Compliant System
IRQ 88	Exclusive	Microsoft ACPI-Compliant System
IRQ 89	Exclusive	Intel(R) Serial IO SPI Controller
IRQ 89	Exclusive	Microsoft ACPI-Compliant System
IRQ 90	Exclusive	Intel(R) Serial IO SPI Controller
IRQ 90	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Shared	Intel Serial IO GPIO Controller
IRQ 92	Exclusive	Microsoft ACPI-Compliant System
IRQ 93	Exclusive	Microsoft ACPI-Compliant System
IRQ 94	Exclusive	Microsoft ACPI-Compliant System
IRQ 95	Exclusive	Microsoft ACPI-Compliant System
IRQ 96	Exclusive	Microsoft ACPI-Compliant System
IRQ 97	Exclusive	Microsoft ACPI-Compliant System
IRQ 98	Exclusive	Microsoft ACPI-Compliant System
IRQ 99	Exclusive	Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF	Shared	PCI Express Root Complex
Memory 000C0000-000DFFFF	Shared	PCI Express Root Complex
Memory 000E0000-000FFFFF	Shared	PCI Express Root Complex
Memory 20000000-201FFFFF	Exclusive	Intel SST Audio Device (WDM)
Memory 20000000-201FFFFF	Shared	PCI Express Root Complex
Memory 7CC00001-7EC00000	Shared	PCI Express Root Complex
Memory 7FF00000-7FF00FFF	Exclusive	Trusted Platform Module 2.0
Memory 80000000-8FFFFFFF	Exclusive	Intel(R) HD Graphics
Memory 80000000-DFFFFFFF	Shared	PCI Express Root Complex
Memory 90000000-90FFFFFF	Exclusive	Intel(R) HD Graphics
Memory 91400000-915FFFFF	Exclusive	Intel SST Audio Device (WDM)
Memory 91600000-916FFFFF	Exclusive	Intel(R) Trusted Execution Engine Interface
Memory 91700000-917FFFFF	Exclusive	Intel(R) Trusted Execution Engine Interface
Memory 91800000-9180FFFF	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Memory 91819000-91819FFF	Exclusive	Intel(R) Serial IO SPI Controller
Memory 9181B000-9181BFFF	Exclusive	Intel(R) Serial IO SPI Controller
Memory 9181D000-9181DFFF	Exclusive	Intel(R) Serial IO SPI Controller
Memory 9181F000-9181FFFF	Exclusive	Intel(R) Serial IO UART Controller
Memory 91821000-91821FFF	Exclusive	Intel(R) Serial IO UART Controller
Memory 91824000-91824FFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 91826000-91826FFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 91828000-91828FFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 9182A000-9182AFFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 9182C000-9182CFFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 9182E000-9182EFFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 91830000-91830FFF	Exclusive	Intel(R) Serial IO I2C ES Controller
Memory 91832000-91832FFF	Exclusive	Intel SST Audio Device (WDM)
Memory 91834000-91834FFF	Exclusive	Intel SD Host Controller
Memory 91836000-91836FFF	Exclusive	Intel SD Host Controller
Memory 91838000-91838FFF	Exclusive	Intel SD Host Controller
Memory DFBFE000-DFBFEFFF	Exclusive	Intel(R) Dynamic Platform & Thermal Framework Processor Participant Driver
Memory DFBFF000-DFBFFFFF	Exclusive	Intel(R) Integrated Sensor Solution
Memory DFC00000-DFFFFFFF	Exclusive	Intel(R) Imaging Signal Processor 2401
Memory E00000D0-E00000DF	Exclusive	Intel(R) Sideband Fabric Device
Memory FED80000-FED87FFF	Exclusive	Intel Serial IO GPIO Controller
Memory FED88000-FED8FFFF	Exclusive	Intel Serial IO GPIO Controller
Memory FED90000-FED97FFF	Exclusive	Intel Serial IO GPIO Controller
Memory FED98000-FED9FFFF	Exclusive	Intel Serial IO GPIO Controller
Memory FEDA0000-FEDA7FFF	Exclusive	Intel Serial IO GPIO Controller
Port 0000-006F	Shared	PCI Express Root Complex
Port 0070-0077	Exclusive	System CMOS/real time clock
Port 0078-0CF7	Shared	PCI Express Root Complex
Port 03F8-03FF	Exclusive	Communications Port (COM1)
Port 0D00-FFFF	Shared	PCI Express Root Complex
Port F000-F03F	Exclusive	Intel(R) HD Graphics

Input


[ HID Keyboard Device ]

	Keyboard Properties:
		Keyboard Name	HID Keyboard Device
		Keyboard Type	IBM enhanced (101- or 102-key) keyboard
		Keyboard Layout	Hungarian
		ANSI Code Page	1252 - Western European (Windows)
		OEM Code Page	850
		Repeat Delay	1
		Repeat Rate	31

[ ASUS Touchpad ]

	Mouse Properties:
		Mouse Name	ASUS Touchpad
		Mouse Buttons	3
		Mouse Hand	Right
		Pointer Speed	1
		Double-Click Time	520 msec
		X/Y Threshold	6 / 10
		Wheel Scroll Lines	3

	Mouse Features:
		Active Window Tracking	Disabled
		ClickLock	Disabled
		Hide Pointer While Typing	Enabled
		Mouse Wheel	Present
		Move Pointer To Default Button	Disabled
		Pointer Trails	Disabled
		Sonar	Disabled

Printers


[ Fax ]

	Printer Properties:
		Printer Name	Fax
		Default Printer	No
		Share Point	Not shared
		Printer Port	SHRFAX:
		Printer Driver	Microsoft Shared Fax Driver (v4.00)
		Device Name	Fax
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	200 x 200 dpi Mono

[ Microsoft Print to PDF (Default) ]

	Printer Properties:
		Printer Name	Microsoft Print to PDF
		Default Printer	Yes
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft Print To PDF (v6.03)
		Device Name	Microsoft Print to PDF
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

[ Microsoft XPS Document Writer ]

	Printer Properties:
		Printer Name	Microsoft XPS Document Writer
		Default Printer	No
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft XPS Document Writer v4 (v6.03)
		Device Name	Microsoft XPS Document Writer
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

Auto Start


Application Description	Start From	Application Command
DptfPolicyLpmServiceHelper	Registry\Common\Run	C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
isa	Registry\Common\Run	C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
OneDrive	Registry\User\Run	C:\Users\galff\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
RtkNGUI	Registry\Common\Run	C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe /s

Scheduled


[ ASUS Live Update1 ]

	Task Properties:
		Task Name	ASUS Live Update1
		Status	Enabled
		Application Name	C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
		Application Parameters	-critical
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc
		Last Run	30/11/1999
		Next Run	28/08/2015 12:00:00

	Task Triggers:
		Daily	At 12:00:00 every day

[ ASUS Live Update2 ]

	Task Properties:
		Task Name	ASUS Live Update2
		Status	Enabled
		Application Name	C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
		Application Parameters	-check
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc
		Last Run	30/11/1999
		Next Run	10/09/2015 16:46:25

	Task Triggers:
		Daily	At 16:46:25 every 14 days

[ ASUS Patch for Touch Panel ]

	Task Properties:
		Task Name	ASUS Patch for Touch Panel
		Status	Running
		Application Name	C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer INC.
		Last Run	27/08/2015 16:43:07
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ ASUS Smart Gesture Launcher ]

	Task Properties:
		Task Name	ASUS Smart Gesture Launcher
		Status	Enabled
		Application Name	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
		Application Parameters
		Working Folder
		Comment	ASUS Smart Gesture Launcher
		Account Name
		Creator	ASUS
		Last Run	27/08/2015 16:43:11
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ ASUS Splendid ACMON ]

	Task Properties:
		Task Name	ASUS Splendid ACMON
		Status	Running
		Application Name	C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer INC.
		Last Run	27/08/2015 16:43:07
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ ATK Package 36D18D69AFC3 ]

	Task Properties:
		Task Name	ATK Package 36D18D69AFC3
		Status	Enabled
		Application Name	"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
		Application Parameters	-CancelShutdown
		Working Folder
		Comment
		Account Name	SYSTEM
		Creator	ASUSTek Computer Inc.
		Last Run	30/11/1999
		Next Run	Unknown

[ ATK Package A22126881260 ]

	Task Properties:
		Task Name	ATK Package A22126881260
		Status	Enabled
		Application Name	"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc.
		Last Run	30/11/1999
		Next Run	Unknown

[ Update Checker ]

	Task Properties:
		Task Name	Update Checker
		Status	Enabled
		Application Name	C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc
		Last Run	27/08/2015 17:48:09
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user - After triggered, repeat every 1 hour indefinitely

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
AIDA64 Engineer v5.30	5.30	Unknown	AIDA64 Engineer_is1	FinalWire Ltd.	2015-08-27
ASUS Live Update	3.3.4	Unknown	{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}	ASUS	2015-07-22
ASUS Smart Gesture	4.0.5	Unknown	{4D3286A6-F6AB-498A-82A4-E4F040529F3D}	ASUS	2015-08-20
ASUS Splendid Video Enhancement Technology	3.11.0001	Unknown	{0969AF05-4FF6-4C00-9406-43599238DE0D}	ASUS	2015-07-22
ASUS T100HAN DisplayControl	1.0.3	Unknown	{674F5569-9F39-4597-BC5C-6D4012392147}	ASUS	2015-07-22
ATK Package	1.0.0040	Unknown	{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}	ASUS	2015-07-22
AudioWizard	1.0.0.83	Unknown	{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}	ICEpower a/s	2015-07-22
Broadcom 802.11 Network Adapter	5.93.103.16	Unknown	Broadcom 802.11 Network Adapter	Broadcom Corporation
Intel(R) Processor Graphics	10.18.15.4248	Unknown	{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}	Intel Corporation
Intel(R) Trusted Execution Engine Driver	2.0.0.1067	Unknown	{2EDD6E80-B205-4F86-BAE7-A50AF4355221}	Intel Corporation	2015-07-22
Intel(R) Trusted Execution Engine	1.1.1.1	Unknown	{FF4664C6-6BAF-4C05-9308-86705B2219EF}	Intel Corporation	2015-07-22
Intel(R) Trusted Execution Engine	2.0.0.1067	Unknown	{176E2755-0A17-42C6-88E2-192AB2131278}	Intel Corporation
Intel� Security Assist	1.0.0.523	Unknown	{84DB01CB-7EB7-4261-9249-99A32768D991}	Intel Corporation	2015-07-22
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219	10.0.40219	Unknown	{1D8E6291-B0D5-35EC-8441-6616F567A0F7}	Microsoft Corporation	2015-07-22
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617	12.0.20617.1	Unknown	{448652c1-f5f3-4230-98c6-68c10c88b1fb}	Microsoft Corporation
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20617	12.0.20617	Unknown	{34FE5428-54F4-3883-9372-AD81FFD14F69}	Microsoft Corporation	2015-07-22
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20617	12.0.20617	Unknown	{8DCF8C8F-4ADA-3395-BF10-A3437F9929D4}	Microsoft Corporation	2015-07-22
Realtek I2S Audio	6.4.10147.4290	Unknown	{89A448AA-3301-46AA-AFC3-34F2D7C670E8}	Realtek Semiconductor Corp.	2015-07-22
Windows Driver Package - ASUS (AsusSGDrv) Mouse (06/18/2015 8.1.0.16)	06/18/2015 8.1.0.16	Unknown	12B91B4BAB23274B49022AAB62465B3556864171	ASUS
Windows Driver Package - ASUS (AsusSGDrv) Mouse (07/07/2015 8.1.0.17)	07/07/2015 8.1.0.17	Unknown	EF7CD97155A7AF17485F0D87CA84AF5E33EA9386	ASUS
WinFlash	3.0.1	Unknown	{8F21291E-0444-4B1D-B9F9-4370A73E346D}	ASUS	2015-07-22

Licenses


		Software	Product Key
		Microsoft Internet Explorer 9.11.10240.16384	D6RD9-D4N8T-RT9QX-YW6YT-FCWWJ
		Microsoft Windows 10	37GNV-YCQVD-38XP9-T848R-FC2HD

File Types


Extension	File Type Description	Content Type
386	Virtual Device Driver
3G2	3GPP2 Audio/Video	video/3gpp2
3GP	3GPP Audio/Video	video/3gpp
3GP2	3GPP2 Audio/Video	video/3gpp2
3GPP	3GPP Audio/Video	video/3gpp
AAC	ADTS Audio	audio/vnd.dlna.adts
ACCOUNTPICTURE-MS	Account Picture File	application/windows-accountpicture
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS Audio	audio/vnd.dlna.adts
AIF	AIFF Format Sound	audio/aiff
AIFC	AIFF Format Sound	audio/aiff
AIFF	AIFF Format Sound	audio/aiff
ANI	Animated Cursor
APPCONTENT-MS	Application Content	application/windows-appcontent+xml
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ASA	ASA File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASP	ASP File
ASX	Windows Media Audio/Video playlist	video/x-ms-asf
AU	AU Format Sound	audio/basic
AVI	Video Clip	video/avi
BAT	Windows Batch File
BLG	Performance Monitor File
BMP	Bitmap Image	image/bmp
CAB	Cabinet File
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	CD Audio Track
CDMP	WCS Device Profile
CDX	CDX File
CDXML	CDXML File
CER	Security Certificate	application/x-x509-ca-cert
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CSS	Cascading Style Sheet Document	text/css
CUR	Cursor
DB	Data Base File
DCTX	Open Extended Dictionary
DCTXC	Open Extended Dictionary
DDS	DDS Image	image/vnd.ms-dds
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DESKTHEMEPACK	Windows Desktop Theme Pack
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DLL	Application Extension	application/x-msdownload
DOCX	OOXML Text Document
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DWFX	XPS Document	model/vnd.dwfx+xps
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
EMF	EMF File	image/x-emf
EML	EML File
EPRTX	XPS Document	model/vnd.eprtx+xps
EVT	EVT File
EVTX	EVTX File
EXE	Application	application/x-msdownload
FLAC	FLAC Audio	audio/x-flac
FON	Font file
GIF	GIF Image	image/gif
GMMP	WCS Gamut Mapping Profile
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
HLP	Help File
HTA	HTML Application	application/hta
HTM	HTML Document	text/html
HTML	HTML Document	text/html
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
IGP	Intel Graphics Profiles
IMESX	IME Search provider definition
IMG	Disc Image File
INF	Setup Information
INI	Configuration Settings
ISO	Disc Image File
JFIF	JPEG Image	image/jpeg
JNT	Journal Document
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JavaScript File
JSE	JScript Encoded File
JTP	Journal Template
JTX	XPS Document	application/x-jtx+xps
JXR	Windows Media Photo	image/vnd.ms-photo
LABEL	Property List
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
M1V	Movie Clip	video/mpeg
M2T	AVCHD Video	video/vnd.dlna.mpeg-tts
M2TS	AVCHD Video	video/vnd.dlna.mpeg-tts
M2V	Movie Clip	video/mpeg
M3U	M3U file	audio/x-mpegurl
M4A	MPEG-4 Audio	audio/mp4
M4V	MP4 Video	video/mp4
MAPIMAIL	Mail Service
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	MIDI Sequence	audio/mid
MIDI	MIDI Sequence	audio/mid
MK3D	MK3D Video
MKA	MKA Audio	audio/x-matroska
MKV	MKV Video	video/x-matroska
MLC	Language Pack File_
MOD	Movie Clip	video/mpeg
MOV	QuickTime Movie	video/quicktime
MP2	MP3 Format Sound	audio/mpeg
MP2V	Movie Clip	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MP4 Video	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	audio/mpeg
MPE	Movie Clip	video/mpeg
MPEG	Movie Clip	video/mpeg
MPG	Movie Clip	video/mpeg
MPV2	Movie Clip	video/mpeg
MSC	Microsoft Common Console Document
MSI	Windows Installer Package
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MS-WINDOWS-STORE-LICENSE	Windows Store License
MTS	AVCHD Video	video/vnd.dlna.mpeg-tts
MYDOCS	MyDocs Drop Target
NFO	MSInfo Configuration File
OCX	ActiveX control
ODT	ODF Text Document
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OTF	OpenType Font file
OXPS	XPS Document
P10	Certificate Request	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PANO	PANO File	application/vnd.ms-pano
PARTIAL	Partial Download
PBK	Dial-Up Phonebook
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PIF	Shortcut to MS-DOS Program
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
PPKG	RunTime Provisioning Tool
PRF	PICS Rules File	application/pics-rules
PS1	PS1 File
PS1XML	PS1XML File
PSC1	PSC1 File	application/PowerShell
PSD1	PSD1 File
PSM1	PSM1 File
PSSC	PSSC File
QDS	Directory Query
RAT	Rating System File	application/rat-file
RDP	Remote Desktop Connection
REG	Registration Entries
RESMONCFG	Resource Monitor Configuration
RLE	RLE File
RLL	Application Extension
RMI	MIDI Sequence	audio/mid
RTF	Rich Text Document
SCF	File Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	Windows Script Component	text/scriptlet
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SETTINGCONTENT-MS	Setting Content
SFCACHE	ReadyBoost Cache File
SND	AU Format Sound	audio/basic
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SPL	Shockwave Flash Object	application/futuresplash
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
SVG	SVG Document	image/svg+xml
SWF	Shockwave Flash Object	application/x-shockwave-flash
SYMLINK	.symlink
SYS	System file
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TXT	Text Document	text/plain
UDL	Microsoft Data Link
URL	Internet Shortcut
VBE	VBScript Encoded File
VBS	VBScript Script File
VCF	vCard File	text/x-vcard
VHD	Disc Image File
VHDX	Disc Image File
VXD	Virtual Device Driver
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBCAT	Windows Backup Catalog File
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBPNP	Web Point And Print File
WEBSITE	Pinned Site Shortcut	application/x-mswebsite
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File	image/x-wmf
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTX	Text Document
WVX	Windows Media Audio/Video playlist	video/x-ms-wvx
XAML	Windows Markup File	application/xaml+xml
XBAP	XAML Browser Application	application/x-ms-xbap
XHT	XHTML Document	application/xhtml+xml
XHTML	XHTML Document	application/xhtml+xml
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSL	XSL Stylesheet	text/xml
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	Compressed (zipped) Folder	application/x-zip-compressed

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 10
	OS Service Pack	-
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled
	UAC Remote Restrictions	Enabled
	System Restore	Enabled

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Unknown
Cumulative Update for Windows 10 for x64-based Systems (KB3081444)	Update	20/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2809.0)	Update	20/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.102.0)	Update	22/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.681.0)	Update	27/08/2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.681.0)	Update	27/08/2015
Intel Corporation driver update for Intel(R) HD Graphics	Update	20/08/2015
Security Update for Internet Explorer Flash Player for Windows 10 for x64-based Systems (KB3087916)	Update	20/08/2015
Update for Windows 10 for x64-based Systems (KB3074678)	Update	20/08/2015
Update for Windows 10 for x64-based Systems (KB3074686)	Update	20/08/2015
Update for Windows 10 for x64-based Systems (KB3081441)	Update	20/08/2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - August 2015 (KB890830)	Update	20/08/2015

Anti-Virus


Software Description	Software Version	Virus Database Date	Known Viruses
Windows Defender	4.8.10240.16384(th1.150709-1700)	27/08/2015	?

Firewall


Software Description	Software Version	Status
Windows Firewall	6.2.10240.16384	Enabled

Regional


Time Zone:
	Current Time Zone	GTB Daylight Time
	Current Time Zone Description	(UTC+02:00) Athens, Bucharest
	Change To Standard Time	Last Sunday of October 04:00:00
	Change To Daylight Saving Time	Last Sunday of March 03:00:00

Language:
	Language Name (Native)	English
	Language Name (English)	English
	Language Name (ISO 639)	en

Country/Region:
	Country Name (Native)	United Kingdom
	Country Name (English)	United Kingdom
	Country Name (ISO 3166)	GB
	Country Code	44

Currency:
	Currency Name (Native)	Pound Sterling
	Currency Name (English)	UK Pound Sterling
	Currency Symbol (Native)	�
	Currency Symbol (ISO 4217)	GBP
	Currency Format	�123,456,789.00
	Negative Currency Format	-�123,456,789.00

Formatting:
	Time Format	HH:mm:ss
	Short Date Format	dd/MM/yyyy
	Long Date Format	dd MMMM yyyy
	Number Format	123,456,789.00
	Negative Number Format	-123,456,789.00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Monday / Mon
	Native Name for Tuesday	Tuesday / Tue
	Native Name for Wednesday	Wednesday / Wed
	Native Name for Thursday	Thursday / Thu
	Native Name for Friday	Friday / Fri
	Native Name for Saturday	Saturday / Sat
	Native Name for Sunday	Sunday / Sun

Months:
	Native Name for January	January / Jan
	Native Name for February	February / Feb
	Native Name for March	March / Mar
	Native Name for April	April / Apr
	Native Name for May	May / May
	Native Name for June	June / Jun
	Native Name for July	July / Jul
	Native Name for August	August / Aug
	Native Name for September	September / Sep
	Native Name for October	October / Oct
	Native Name for November	November / Nov
	Native Name for December	December / Dec

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	A4
	Measurement System	Metric

Display Languages:
	LCID 0409h (Active)	English (United States)

Environment


		Variable	Value
		__COMPAT_LAYER	DetectorsWin8
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\galff\AppData\Roaming
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	LAPTOP-5DNN8R19
		ComSpec	C:\Windows\system32\cmd.exe
		FPS_BROWSER_APP_PROFILE_STRING	Internet Explorer
		FPS_BROWSER_USER_PROFILE_STRING	Default
		HOMEDRIVE	C:
		HOMEPATH	\Users\galff
		LOCALAPPDATA	C:\Users\galff\AppData\Local
		LOGONSERVER	\\MicrosoftAccount
		NUMBER_OF_PROCESSORS	4
		OS	Windows_NT
		Path	C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 76 Stepping 3, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	4c03
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
		PUBLIC	C:\Users\Public
		SystemDrive	C:
		SystemRoot	C:\Windows
		TEMP	C:\Users\galff\AppData\Local\Temp
		TMP	C:\Users\galff\AppData\Local\Temp
		USERDOMAIN_ROAMINGPROFILE	LAPTOP-5DNN8R19
		USERDOMAIN	LAPTOP-5DNN8R19
		USERNAME	galff
		USERPROFILE	C:\Users\galff
		windir	C:\Windows

Control Panel


		Name	Comment
		Flash Player	Manage Flash Player Settings

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	0	0	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1

	[ hosts ]



	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\galff\AppData\Roaming
		Cache	C:\Users\galff\AppData\Local\Microsoft\Windows\INetCache
		CD Burning	C:\Users\galff\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\galff\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\galff\AppData\Local\Microsoft\Windows\INetCookies
		Desktop	C:\Users\galff\Desktop
		Device	C:\Windows\inf
		Favorites	C:\Users\galff\Favorites
		Fonts	C:\Windows\Fonts
		History	C:\Users\galff\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\galff\AppData\Local
		My Documents	C:\Users\galff\Documents
		My Music	C:\Users\galff\Music
		My Pictures	C:\Users\galff\Pictures
		My Video	C:\Users\galff\Videos
		NetHood	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\galff
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\Windows\resources
		SendTo	C:\Users\galff\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\Windows\SysWOW64
		System	C:\Windows\system32
		Temp	C:\Users\galff\AppData\Local\Temp\
		Templates	C:\Users\galff\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\Windows

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Warning	3	2015-08-20 20:03:33		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	3	2015-08-20 23:55:44		Windows Search Service	10023: The protocol host process 7420 did not respond and is being forcibly terminated {filter host process 6760}.
Application	Warning	None	2015-08-21 00:25:19		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	None	2015-08-21 00:25:25		DptfParticipantWirelessService	2:
Application	Error	None	2015-08-21 00:25:25		DptfParticipantWirelessService	1:
Application	Error	None	2015-08-21 00:25:25		DptfParticipantWirelessService	1:
Application	Warning	3	2015-08-21 01:26:13		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	None	2015-08-21 01:27:12		Wlclntfy	6001: The winlogon notification subscriber <Sens> failed a notification event.
Application	Error	None	2015-08-21 01:28:58		DptfParticipantWirelessService	2:
Application	Error	None	2015-08-21 01:28:58		DptfParticipantWirelessService	1:
Application	Error	None	2015-08-21 01:28:58		DptfParticipantWirelessService	1:
Application	Warning	None	2015-08-21 01:29:01		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	None	2015-08-21 01:29:25		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-21 01:29:25		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-21 01:29:25		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2015-08-21 01:29:42		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-21 01:29:42		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-21 01:29:42		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Warning	None	2015-08-21 01:31:04		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	5973	2015-08-21 02:19:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:19:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:19:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:19:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:01	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:08	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:08	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:09	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:09	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:09	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:09	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:10	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:10	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:10	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:10	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:10	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:11	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:11	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:11	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:11	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:12	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:12	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:12	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:12	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:13	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:13	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:13	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:13	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:13	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:14	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:14	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:14	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:14	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:15	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:15	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:15	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:15	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:15	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:16	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:16	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:16	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:16	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:17	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:17	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:17	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:17	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:18	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:18	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:18	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:18	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:38	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:38	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:38	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:38	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:39	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:39	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:39	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:39	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:40	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:40	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:43	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:43	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:43	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:43	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:43	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:44	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:44	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:44	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:44	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:45	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:45	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:45	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:45	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:46	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:46	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:46	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:46	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:47	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:47	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:47	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:47	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:20:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:07	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:07	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:07	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:21:07	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 02:24:11	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:48	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:49	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:50	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:53	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:54	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:55	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:56	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:57	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:58	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:09:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:01	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:01	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:01	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:01	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:05	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-21 12:10:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-08-21 17:17:42		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Warning	3	2015-08-22 00:25:37		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Warning	None	2015-08-22 00:25:43		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Warning	2	2015-08-22 00:26:47	galff	Handwriting Recognition	110:
Application	Warning	None	2015-08-22 01:28:44		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	None	2015-08-22 01:29:42		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-22 01:29:42		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-22 01:29:44		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-22 01:29:44		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-22 01:29:45		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent
Application	Error	5973	2015-08-22 01:44:51	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:44:52	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:44:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:44:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:44:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:44:59	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:00	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:02	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:03	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:04	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:06	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	5973	2015-08-22 01:45:08	galff	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Warning	None	2015-08-23 13:21:57		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Warning	3	2015-08-23 13:21:58		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Error	None	2015-08-23 13:22:01		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-23 13:22:01		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Warning	3	2015-08-23 15:21:54		Windows Search Service	10023: The protocol host process 8528 did not respond and is being forcibly terminated {filter host process 6052}.
Application	Error	None	2015-08-27 16:42:44		DptfParticipantWirelessService	2:
Application	Error	None	2015-08-27 16:42:44		DptfParticipantWirelessService	1:
Application	Error	None	2015-08-27 16:42:44		DptfParticipantWirelessService	1:
Application	Warning	None	2015-08-27 16:43:24		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	None	2015-08-27 16:43:34		Software Protection Platform Service	8200: License acquisition failure details. hr=0x80072EE7
Application	Error	None	2015-08-27 16:43:34		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-27 16:43:37		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Application	Warning	3	2015-08-27 16:43:38		Windows Search Service	3036: Crawl could not be completed on content source <winrt://{S-1-5-21-1877548631-935440309-1602752157-1001}/>. Context: Application, SystemIndex Catalog Details: The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
Application	Error	100	2015-08-27 16:44:04		Application Error	1000: Faulting application name: svchost.exe_Wcmsvc, version: 10.0.10240.16384, time stamp: 0x559f38cb Faulting module name: SubscriptionMgr.dll, version: 10.0.10240.16425, time stamp: 0x55bec160 Exception code: 0xe0464645 Fault offset: 0x000000000000a7ef Faulting process id: 0x48c Faulting application start time: 0x01d0e0ce3a617286 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\SubscriptionMgr.dll Report Id: d2b8c538-0a4c-445c-a182-61e13f809e7c Faulting package full name: Faulting package-relative application ID:
Application	Error	None	2015-08-27 16:44:07		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-27 16:44:07		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-27 16:44:15		Software Protection Platform Service	8200: License acquisition failure details. hr=0xC004C003
Application	Error	None	2015-08-27 16:44:15		Software Protection Platform Service	1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
Application	Error	None	2015-08-27 16:44:15		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0xC004E028 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	None	2015-08-27 16:44:18		Software Protection Platform Service	8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Application	Error	1	2015-08-27 16:44:39		ESENT	490: SettingSyncHost (6268) {FF293C80-59F1-4839-B025-E2C6199C04F4}: An attempt to open the file "C:\Users\galff\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:44:39		ESENT	455: SettingSyncHost (6268) {FF293C80-59F1-4839-B025-E2C6199C04F4}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\galff\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Application	Error	1	2015-08-27 16:44:50		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:44:50		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:45:00		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:00		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:45:11		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:11		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:45:21		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:21		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:45:31		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:31		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:45:42		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:42		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Warning	None	2015-08-27 16:45:44		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Error	1	2015-08-27 16:45:55		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:45:58		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:46:10		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:46:10		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:46:21		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:46:21		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Error	1	2015-08-27 16:46:31		ESENT	488: SettingSyncHost (6268) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Application	Error	3	2015-08-27 16:46:31		ESENT	413: SettingSyncHost (6268) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Application	Warning	None	2015-08-27 17:05:46		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Warning	None	2015-08-27 17:15:08		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Application	Warning	None	2015-08-27 17:52:19		Software Protection Platform Service	1058: Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004E016
Security	Audit Success	12544	2015-08-20 20:03:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-20 20:03:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13312	2015-08-21 00:25:04		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x150 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:04		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x15c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2015-08-21 00:25:04		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2015-08-21 00:25:06		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c4 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:10		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1fc New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c4 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x240 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x150 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x248 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c4 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ????????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d4 New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e8 New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f8 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2015-08-21 00:25:11		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x923a
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1060e Linked Logon ID: 0x10620 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10620 Linked Logon ID: 0x1060e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1060e Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10620 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-21 00:25:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	101	2015-08-21 00:25:18		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	12544	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-580 Account Domain: Builtin Old Account Name: Remote Management Users New Account Name: Remote Management Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-581 Account Domain: Builtin Old Account Name: System Managed Accounts Group New Account Name: System Managed Accounts Group Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Account Domain: LAPTOP-5DNN8R19 Old Account Name: None New Account Name: None Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: Remote Management Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: System Managed Accounts Group SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:18		Microsoft-Windows-Security-Auditing	4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: None SID History: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-08-21 00:25:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-21 00:25:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x49c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-08-21 00:25:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-08-21 00:25:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-08-21 00:25:24		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-08-21 00:25:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x31193 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:25:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 00:25:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-08-21 00:25:26		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	13568	2015-08-21 00:25:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Temp\winre\ExtractedFromWim Handle ID: 0x978 Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Failure	12290	2015-08-21 00:25:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:25:56		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Linked Logon ID: 0x57c51 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: LAPTOP-OMGARQRN Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c51 Linked Logon ID: 0x57c2b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: LAPTOP-OMGARQRN Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c51 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57c2b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/21/2015 12:25:57 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/21/2015 12:25:57 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: defaultuser0 Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-21-1877548631-935440309-1602752157-513 Group Name: None Group Domain: LAPTOP-5DNN8R19 Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1877548631-935440309-1602752157-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\oobe\msoobe.exe
Security	Audit Success	13826	2015-08-21 00:25:57		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-08-21 00:26:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 00:26:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-21 00:26:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 00:26:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-21 00:26:16		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-OMGARQRN$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc74 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63363 Linked Logon ID: 0xb6339d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb6339d Linked Logon ID: 0xb63363 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x150 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63700 Linked Logon ID: 0xb63868 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63868 Linked Logon ID: 0xb63700 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb6339d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63363 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63868 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0xb63700 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63363 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0xb63700 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 01:26:45		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-08-21 01:27:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 01:27:12		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x19cbb1 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12548	2015-08-21 01:27:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x3c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0x40 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ntdll.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.logon_ed8ece16fb61b4e6.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windowsfeedback_cw5n1h2txyewy_e32424584539397a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_2d6b8920d3f31e0d.cdf-ms Handle ID: 0x44 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_views_a56f518aba6f0a4b.cdf-ms Handle ID: 0x44 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_6f26550558264bb4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_0e6f6a5d1f5a1430.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:23		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_contactsupport_cw5n1h2txyewy_9f20cf1a0d04fca1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_systemresetplatform_14fecc2716acccef.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_purchasedialog_bf454dd5e78ab123.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_sorting_04883de290c6ef1b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_devicesflow_a24e4906c4ce494f.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_apppatch64_e39bab3b20714e20.cdf-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_user_account_pictures_eceaafe818cb6141.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_635c287ec97ec0a5.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_vgx_9d0cc8bc56d58860.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\User Account Pictures\user.bmp Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\drvmain.sdb Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\sysmain.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\sysmain.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\DevicesFlow\DevicesFlowUI.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:24		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeParserTask.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfplat.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfps.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0x68 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneDriveSettingSyncProvider.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdbui.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXService.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgent.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoteNaturalLanguage.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchProtocolHost.exe Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Notifications.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0x40 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmfd.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmlib.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cloudAP.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack_win.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack_wininternal.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directmanipulation.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GamePanel.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFramework.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkInternalPS.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationGeofences.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationPermissions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppHost.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:25		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApi.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\syncutil.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysmain.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringclient.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputFramework.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAutomationCore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserMgrProxy.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifinetworkmanager.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x4c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidsvc.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuautoappupdate.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceRecognitionEngineAdapter.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceRecognitionSensorAdapter.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AddressBand.xbf Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\F12App2.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\HubPanel.xbf Handle ID: 0x50 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingIdentityManagerInternal.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CGSVCBackgroundTask.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.AppToApp.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.winmd Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.ContactPermissions.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Reminders.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SmartExtraction.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Sync.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.UI.winmd Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaSpeechux.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PPIVoiceAgents.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReactiveAgentsCommon.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SAPIBackgroundTask.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\tws.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\VoiceAgentsCommon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpviewUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\NetworkUX.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\AppXDeploymentClient.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\atmfd.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:26		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\atmlib.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Chakra.dll Handle ID: 0x74 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\directmanipulation.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\dwmcore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\edgehtml.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\explorer.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\fontdrvhost.exe Handle ID: 0x48 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\GamePanel.exe Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\iertutil.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\InputService.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\LockAppHost.exe Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MbaeApi.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MbaeApiPublic.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfcore.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\MFMediaEngine.dll Handle ID: 0x78 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfplat.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mfsvr.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mshtml.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\mssrch.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\OneDriveSettingSyncProvider.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ReAgent.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\ReInfo.dll Handle ID: 0x58 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\RemoteNaturalLanguage.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\SearchProtocolHost.exe Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\tetheringclient.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\TextInputFramework.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\tquery.dll Handle ID: 0x64 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\UIAutomationCore.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\UserMgrProxy.dll Handle ID: 0x5c Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.ApplicationModel.Store.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x30 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Core.TextInput.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Logon.dll Handle ID: 0x34 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-08-21 01:27:27		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\syswow64\Windows.UI.Xaml.dll Handle ID: 0x68 Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	103	2015-08-21 01:28:16		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	13312	2015-08-21 01:28:34		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x140 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:34		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x14c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2015-08-21 01:28:34		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2015-08-21 01:28:35		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ac New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:46		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x248 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x140 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1ac Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x258 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:49		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ????????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-08-21 01:28:50		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-08-21 01:28:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2015-08-21 01:28:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d0 New Process Name: ????????????????-??6??0?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x250 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-21 01:28:50		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d8 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x250 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2015-08-21 01:28:50		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8ba9
Security	Audit Success	12544	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Linked Logon ID: 0x12f5b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Linked Logon ID: 0x12f2b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-21 01:28:52		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-08-21 01:28:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:28:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-08-21 01:28:57		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28156 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-21 01:28:58		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12292	2015-08-21 01:29:00		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-08-21 01:29:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:29:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-21 01:29:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:29:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x370 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x4f4 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x57c Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.10240.16445_3c992a32fa8cfc96.cdf-ms Handle ID: 0x4f4 Process Information: Process ID: 0x534 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13826	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-21 01:29:19		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc34 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13824	2015-08-21 01:29:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x484 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781a7 Linked Logon ID: 0x781d7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781d7 Linked Logon ID: 0x781a7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x7840b Linked Logon ID: 0x78433 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x78433 Linked Logon ID: 0x7840b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x78433 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x7840b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x781a7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x7840b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-21 01:29:36		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-08-21 01:29:45		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-08-21 01:29:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 01:29:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-21 01:29:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:29:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-21 01:29:47		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1510 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-08-21 01:31:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:31:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-08-21 01:44:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1eba84 Linked Logon ID: 0x1ebb3a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1ebb3a Linked Logon ID: 0x1eba84 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f5b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12f2b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1eba84 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:51:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1ebb3a Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12544	2015-08-21 01:52:20		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 01:52:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Linked Logon ID: 0x1f20b4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 01:52:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Linked Logon ID: 0x1f1fc9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 01:52:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 01:52:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Failure	12290	2015-08-21 01:52:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 01:52:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24f97e Linked Logon ID: 0x24fb90 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24fb90 Linked Logon ID: 0x24f97e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x29c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f20b4 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1f1fc9 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24f97e Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 02:12:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x24fb90 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	13824	2015-08-21 02:20:37		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 02:21:08		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 02:24:12		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 02:27:58		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 03:41:54		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf08 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f53ec Linked Logon ID: 0x2f5426 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5426 Linked Logon ID: 0x2f53ec Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5790 Linked Logon ID: 0x2f5812 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5812 Linked Logon ID: 0x2f5790 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5426 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f53ec Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5812 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x2f5790 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f53ec Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x2f5790 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-21 11:42:18		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-08-21 11:57:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-21 11:57:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-21 12:10:07		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 12:17:16		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 12:21:16		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 12:25:16		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 12:28:00		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-21 12:40:23		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x138c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Failure	12290	2015-08-21 16:08:36		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 16:08:36		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 19:48:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 19:48:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 21:03:51		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 21:03:51		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 23:47:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-21 23:47:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 00:25:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 00:25:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-22 00:25:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-22 00:25:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468349 Linked Logon ID: 0x468383 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468383 Linked Logon ID: 0x468349 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x4688c0 Linked Logon ID: 0x468a7d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468a7d Linked Logon ID: 0x4688c0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468383 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468349 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x468a7d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x4688c0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x468349 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x4688c0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-22 00:25:52		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Failure	12290	2015-08-22 00:56:49		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 00:56:49		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 01:29:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 01:29:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	13824	2015-08-22 01:45:08		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 01:46:36		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 01:48:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x1ffc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743b6 Linked Logon ID: 0x5743f0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743f0 Linked Logon ID: 0x5743b6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57483f Linked Logon ID: 0x57488e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57488e Linked Logon ID: 0x57483f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x5743f0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x5743b6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57488e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x57483f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x5743b6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x57483f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-22 01:48:39		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-08-22 02:15:13		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 04:01:02		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 04:04:14		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 04:05:14		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-08-22 04:12:13		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Failure	12290	2015-08-22 13:14:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 13:14:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-22 13:15:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-22 13:15:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-22 13:16:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-22 13:16:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-22 13:18:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-22 13:18:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-22 13:18:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-22 13:18:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-08-22 15:46:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 15:46:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 16:28:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 16:28:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 19:04:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-22 19:04:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 00:25:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 00:25:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 06:24:29		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 06:24:29		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 09:14:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 09:14:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 11:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 11:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 13:21:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 13:21:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-23 13:22:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-23 13:22:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-08-23 15:38:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 15:38:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 17:09:46		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 17:09:46		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 18:18:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 18:18:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 19:54:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 19:54:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 21:05:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 21:05:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 22:17:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-23 22:17:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-24 06:49:01		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-24 06:49:01		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-24 20:00:56		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-24 20:00:56		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	13312	2015-08-27 16:42:13		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x148 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:13		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x154 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2015-08-27 16:42:13		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2015-08-27 16:42:21		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d0 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:28		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x208 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d0 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x24c New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x148 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d0 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x260 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:29		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2ac New Process Name: ????????????????-??6??c?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x24c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e0 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f4 New Process Name: ????????????????-??6??4?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2fc New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x254 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13568	2015-08-27 16:42:30		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9020
Security	Audit Success	12544	2015-08-27 16:42:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:42:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-27 16:42:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:42:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1032f Linked Logon ID: 0x10359 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10359 Linked Logon ID: 0x1032f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1032f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10359 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 16:42:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	101	2015-08-27 16:42:35		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport. 0
Security	Audit Success	13826	2015-08-27 16:42:35		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-08-27 16:42:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:42:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-08-27 16:42:43		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x29047 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-27 16:42:44		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x640 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2015-08-27 16:42:45		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xf4 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	12292	2015-08-27 16:42:54		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-08-27 16:43:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-27 16:43:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34997 Linked Logon ID: 0x349c9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:43:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x349c9 Linked Logon ID: 0x34997 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:43:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34997 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-27 16:43:05		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c47 Linked Logon ID: 0x34c6f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c6f Linked Logon ID: 0x34c47 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: LAPTOP-5DNN8R19 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34c6f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34c47 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galffycsaba@gmail.com Account Domain: MicrosoftAccount Logon ID: 0x34c47 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Changed Attributes: SAM Account Name: - Display Name: G�lffy Csaba User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-08-27 16:43:06		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-08-27 16:43:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:43:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-08-27 16:43:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 16:43:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	13826	2015-08-27 16:43:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x184 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-08-27 16:43:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:43:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-27 16:43:23		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x12dc Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	12544	2015-08-27 16:44:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:44:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-27 16:44:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 16:44:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-08-27 16:52:57		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 16:52:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:02:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:02:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:02:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:02:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Administrator Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: DefaultAccount Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Guest Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xe64 Process Name: C:\Windows\explorer.exe
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Administrator Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: DefaultAccount Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 Additional Information: Caller Workstation: LAPTOP-5DNN8R19 Target Account Name: Guest Target Account Domain: LAPTOP-5DNN8R19
Security	Audit Success	13824	2015-08-27 17:11:36		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x349c9 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0xe64 Process Name: C:\Windows\explorer.exe
Security	Audit Failure	12290	2015-08-27 17:11:37		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:14:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:20		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:15:21		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Failure	12290	2015-08-27 17:24:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:24:01		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-27 17:35:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 17:35:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-27 17:35:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 17:35:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-08-27 17:35:45		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x1868 Process Information: Process ID: 0x17c4 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16445_none_1161304761f67502\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	13568	2015-08-27 17:35:45		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x18e0 Process Information: Process ID: 0x17c4 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16445_none_1161304761f67502\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
Security	Audit Success	12288	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:55.731530000Z New Time: 2015-08-27T14:35:46.950417600Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:46.954400700Z New Time: 2015-08-27T14:35:46.949000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x478 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-08-27T14:35:46.948448200Z New Time: 2015-08-27T14:35:46.944000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12544	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:35:46		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d00 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Failure	12290	2015-08-27 17:35:56		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-08-27 17:35:57		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12544	2015-08-27 17:45:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 17:45:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-08-27 17:45:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: LAPTOP-5DNN8R19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x514 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-500 Account Name: Administrator Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-501 Account Name: Guest Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-503 Account Name: DefaultAccount Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13824	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 User: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
Security	Audit Success	13826	2015-08-27 17:52:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1877548631-935440309-1602752157-1001 Account Name: galff Account Domain: LAPTOP-5DNN8R19 Logon ID: 0x34997 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x15e8 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.exe
System	Error	None	2015-08-20 18:33:07	galff	DCOM	10010: The server {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 00:25:01	SYSTEM	Microsoft-Windows-Kernel-Boot	16: The directory cannot be removed.
System	Warning	None	2015-08-21 00:25:10		ISH	1: Incorrect function.
System	Warning	212	2015-08-21 00:25:10	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System	Warning	212	2015-08-21 00:25:10	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System	Warning	212	2015-08-21 00:25:10	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System	Warning	212	2015-08-21 00:25:10	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System	Warning	212	2015-08-21 00:25:10	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System	Error	None	2015-08-21 00:25:18		EventLog	6008: The previous system shutdown at 8:17:39 PM on ?8/?16/?2015 was unexpected.
System	Error	None	2015-08-21 00:25:18		BugCheck	1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffe0019adfec20, 0xffffd0018ee5bad0, 0xffffe0019b526b80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082015-11031-01.
System	Warning	None	2015-08-21 00:25:19	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Warning	None	2015-08-21 00:25:20	LOCAL SERVICE	Microsoft-Windows-Time-Service	134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
System	Error	None	2015-08-21 01:27:01		Service Control Manager	7031: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System	Error	None	2015-08-21 01:27:01		Service Control Manager	7031: The Contact Data_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System	Error	None	2015-08-21 01:27:01		Service Control Manager	7031: The User Data Storage_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System	Error	None	2015-08-21 01:27:01		Service Control Manager	7031: The User Data Access_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
System	Error	None	2015-08-21 01:27:11		Service Control Manager	7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session2 service, but this action failed with the following error: %%1056
System	Error	None	2015-08-21 01:27:11		Service Control Manager	7009: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session2 service to connect.
System	Error	None	2015-08-21 01:27:11		Service Control Manager	7009: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session2 service to connect.
System	Warning	None	2015-08-21 01:28:17	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
System	Warning	None	2015-08-21 01:28:40		ISH	1: Incorrect function.
System	Warning	212	2015-08-21 01:28:46	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System	Warning	212	2015-08-21 01:28:46	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System	Warning	212	2015-08-21 01:28:46	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System	Warning	212	2015-08-21 01:28:46	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System	Warning	212	2015-08-21 01:28:46	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System	Warning	None	2015-08-21 01:51:47		Display	4101: Display driver igfxLP stopped responding and has successfully recovered.
System	Warning	None	2015-08-21 01:52:21		Display	4101: Display driver igfxLP stopped responding and has successfully recovered.
System	Warning	None	2015-08-21 02:12:10		Display	4101: Display driver igfxLP stopped responding and has successfully recovered.
System	Error	None	2015-08-21 02:19:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:19:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:19:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:19:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:01	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:08	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:08	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:09	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:09	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:09	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:09	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:10	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:10	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:10	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:10	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:10	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:11	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:11	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:11	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:11	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:12	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:12	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:12	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:12	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:13	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:13	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:13	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:13	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:13	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:14	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:14	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:14	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:14	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:15	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:15	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:15	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:15	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:15	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:16	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:16	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:16	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:16	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:17	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:17	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:17	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:17	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:18	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:18	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:18	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:18	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:37	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:38	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:38	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:38	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:39	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:39	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:39	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:39	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:40	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:40	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:43	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:43	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:43	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:43	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:43	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:44	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:44	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:44	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:44	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:45	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:45	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:45	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:45	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:46	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:46	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:46	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:46	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:47	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:47	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:47	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:47	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:20:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:07	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:07	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:07	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:21:07	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 02:24:11	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 07:25:56	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Warning	None	2015-08-21 11:57:09		Display	4101: Display driver igfxLP stopped responding and has successfully recovered.
System	Error	None	2015-08-21 12:09:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:48	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:49	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:50	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:52	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:53	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:54	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:55	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:56	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:57	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:58	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:09:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:01	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:01	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:01	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:01	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:05	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 12:10:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 16:48:04	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 17:09:57	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 21:52:48	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-21 22:12:28	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:29:40	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2015-08-22 01:44:51	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:44:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:44:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:44:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:44:59	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:00	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:02	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:03	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:04	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:06	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 01:45:08	galff	DCOM	10010: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 13:14:46		Service Control Manager	7023: The Data Sharing Service service terminated with the following error: %%3239247876
System	Error	None	2015-08-22 13:19:46		Service Control Manager	7023: The Data Sharing Service service terminated with the following error: %%3239247876
System	Error	None	2015-08-22 13:19:46		Service Control Manager	7023: The Data Sharing Service service terminated with the following error: %%3239247876
System	Error	None	2015-08-22 13:19:46		Service Control Manager	7023: The Data Sharing Service service terminated with the following error: %%3239247876
System	Error	None	2015-08-22 13:46:17	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 13:47:52	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 14:30:43	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 14:32:18	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 15:15:08	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 15:16:43	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-22 15:31:54	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-23 13:21:59	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2015-08-23 18:30:18	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-23 23:36:52	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-24 04:39:42	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Error	None	2015-08-25 04:30:24	SYSTEM	DCOM	10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
System	Warning	None	2015-08-26 23:40:43		HID_PCI	4: The system cannot open the file.
System	Warning	None	2015-08-26 23:40:43		HID_PCI	4: The system cannot open the file.
System	Warning	None	2015-08-26 23:40:43		HID_PCI	4: The system cannot open the file.
System	Warning	None	2015-08-26 23:40:43		HID_PCI	4: The system cannot open the file.
System	Warning	None	2015-08-26 23:40:43		HID_PCI	4: The system cannot open the file.
System	Error	None	2015-08-27 16:42:07	SYSTEM	Microsoft-Windows-Kernel-Boot	16: The directory cannot be removed.
System	Warning	None	2015-08-27 16:42:26		ISH	1: Incorrect function.
System	Warning	212	2015-08-27 16:42:27	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&2b15ee36&0&0000.
System	Warning	212	2015-08-27 16:42:27	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&234d4d4&0&0000.
System	Warning	212	2015-08-27 16:42:27	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&14ee8579&0&0000.
System	Warning	212	2015-08-27 16:42:27	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_0002\6&39116f9a&0&0000.
System	Warning	212	2015-08-27 16:42:27	SYSTEM	Microsoft-Windows-Kernel-PnP	219: The driver \Driver\WUDFRd failed to load for the device HID\Vid_8086&Pid_8002\6&797b031&0&0000.
System	Error	None	2015-08-27 16:42:34		EventLog	6008: The previous system shutdown at 22:04:39 on ?26/?08/?2015 was unexpected.
System	Error	None	2015-08-27 16:42:39		BugCheck	1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffe000d28e6a00, 0xfffff802308e3ad0, 0xffffe000d2f2a010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082715-28140-01.
System	Error	None	2015-08-27 16:44:04	NETWORK SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
System	Error	None	2015-08-27 16:44:32	LOCAL SERVICE	DCOM	10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9765.0
	MDAC	10.0.10240.16384 (th1.150709-1700)
	ODBC	10.0.10240.16384 (th1.150709-1700)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	-
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Driver do Microsoft dBase (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Access Driver (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Microsoft Access-Treiber (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Microsoft dBase Driver (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Microsoft Excel Driver (*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Microsoft ODBC for Oracle	msorcl32.dll	10.0.10240.16384 (th1.150709-1700)
Microsoft Paradox Driver (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Text Driver (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
Microsoft Text-Treiber (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
SQL Server	sqlsrv32.dll	10.0.10240.16384 (th1.150709-1700)

Memory Read


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Read Speed
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	111449 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	77243 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	67619 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	52396 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	45162 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	42431 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	37831 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	26428 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	26020 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	23559 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	23218 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	23157 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	21726 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	21404 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	21284 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	21210 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	21110 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	21006 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	19763 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	19552 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	18834 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	17639 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	16638 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	14730 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	13453 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	13118 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	11534 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	11178 MB/s
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	10129 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	10112 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	9714 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	9037 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	8716 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	8709 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	8366 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	8096 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	7965 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	7646 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	7627 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	7616 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	6989 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6593 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	6414 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	6206 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	6104 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	6082 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	6009 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	5353 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4539 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3967 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3907 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	3672 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3593 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3362 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	3323 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2919 MB/s

Memory Write


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Write Speed
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	93980 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	77060 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	57844 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	52243 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	45588 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	45249 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	27392 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	24093 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	23672 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	23649 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	19528 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	18063 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	17607 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	17088 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	16673 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	14866 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	14492 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	13215 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	12776 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	12328 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	11995 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	10777 MB/s
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	10221 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	10154 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	9970 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	9937 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	8869 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	8662 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	7913 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	7779 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7115 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	7091 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7083 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	6733 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	5762 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	5654 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	5639 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	5504 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5461 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	4869 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	4856 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4712 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	4694 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4260 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4220 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	4117 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4093 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	4029 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3800 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	3568 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3159 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	2831 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	2796 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2474 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2348 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2337 MB/s

Memory Copy


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Copy Speed
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	104205 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	69009 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	67052 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	50043 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	44987 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	42150 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	34882 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	24509 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	23799 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	22896 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	22772 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	21695 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	21530 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	21283 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	20802 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	17897 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	17836 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	17735 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	17362 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	17174 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	16882 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	15347 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	13993 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	13993 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	12444 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	11945 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	11370 MB/s
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	10839 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	9671 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	9468 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	9054 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	8216 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	7792 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	7740 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7403 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	6881 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	6774 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	6282 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	6139 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5921 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5551 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	5396 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	5284 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	4951 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4891 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4764 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4572 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4213 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	4195 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3673 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3270 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3147 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3051 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	3009 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2987 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2578 MB/s

Memory Latency


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Latency
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	55.2 ns
Core i7-3770K	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	57.5 ns
Xeon E3-1245 v3	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	57.9 ns
Core i7-4770	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	58.3 ns
A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	59.6 ns
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	60.3 ns
FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	61.4 ns
A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	62.0 ns
Core i7-4930K	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	62.1 ns
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	62.9 ns
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	66.7 ns
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	67.1 ns
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	67.5 ns
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	69.6 ns
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	70.3 ns
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	72.4 ns
Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	74.1 ns
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	74.2 ns
Core i7-5820K	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	74.4 ns
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	75.9 ns
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	77.0 ns
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	77.9 ns
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	78.0 ns
Xeon E5-2670	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	79.6 ns
A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	79.6 ns
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	79.9 ns
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	81.2 ns
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	82.4 ns
Xeon E5-2660 v3	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	83.9 ns
Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	87.0 ns
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	88.2 ns
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	88.6 ns
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	89.9 ns
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	91.3 ns
Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	93.2 ns
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	93.7 ns
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	99.1 ns
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	99.5 ns
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	100.3 ns
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	101.4 ns
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	103.9 ns
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	105.7 ns
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	107.0 ns
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	111.9 ns
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	113.3 ns
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	114.8 ns
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	120.0 ns
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	124.4 ns
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	124.7 ns
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	127.8 ns
Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	128.3 ns
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	129.7 ns
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	138.4 ns
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	153.7 ns
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	159.0 ns
Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	162.5 ns

CPU Queen


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	147245
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	100531
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	62643
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	62484
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	59940
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	56836
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	53879
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	53544
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	47291
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	46747
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	45915
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	43907
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	42550
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	41740
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	37778
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	36089
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	34010
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	32366
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	31680
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	30784
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	26997
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	25523
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	22162
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	22013
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	21945
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	21896
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	21655
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	21434
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	21225
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	20154
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	19397
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	19226
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	18012
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	16788
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	16094
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	14695
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	12584
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	12140
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	11236
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	9614
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	7485
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	7304
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	7300
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5904
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5452
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	5164
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	4879
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4086
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	4021
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3855
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3791
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	3514
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	3301
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2814
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	2586
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	1839

CPU PhotoWorxx


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	62186 MPixel/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	38725 MPixel/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	35478 MPixel/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	25266 MPixel/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	23599 MPixel/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	22806 MPixel/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	20428 MPixel/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14178 MPixel/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	14090 MPixel/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	14001 MPixel/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12962 MPixel/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	12477 MPixel/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	12457 MPixel/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11872 MPixel/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	11495 MPixel/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	11115 MPixel/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	10673 MPixel/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	9603 MPixel/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	9078 MPixel/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	8913 MPixel/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	8886 MPixel/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8581 MPixel/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	8064 MPixel/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	6975 MPixel/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	6862 MPixel/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	6131 MPixel/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	5627 MPixel/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	5276 MPixel/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4730 MPixel/s
4x Atom x5-Z8500	1833 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	4214 MPixel/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4183 MPixel/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	4179 MPixel/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	3840 MPixel/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	3707 MPixel/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3462 MPixel/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3041 MPixel/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	3025 MPixel/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2926 MPixel/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2793 MPixel/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	2536 MPixel/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	2390 MPixel/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	2147 MPixel/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	1936 MPixel/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	1904 MPixel/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1895 MPixel/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1864 MPixel/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	1852 MPixel/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	1850 MPixel/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1844 MPixel/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1676 MPixel/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	1224 MPixel/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1167 MPixel/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	1100 MPixel/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	1099 MPixel/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	879 MPixel/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	826 MPixel/s

CPU ZLib


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	1238.7 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	975.4 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	672.7 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	455.0 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	444.5 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	436.1 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	366.5 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	358.7 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	358.1 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	346.1 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	320.0 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	317.2 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	308.6 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	289.2 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	281.4 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	276.3 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	256.7 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	244.3 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	222.7 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	209.2 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	189.4 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	183.0 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	174.8 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	174.3 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	167.7 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	154.7 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	153.2 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	152.5 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	136.2 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	117.7 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	112.5 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	108.3 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	105.8 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	97.1 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	95.6 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	82.8 MB/s
4x Atom x5-Z8500	2000 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	75.1 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	75.0 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	73.7 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	59.6 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	57.8 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	57.5 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	47.3 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	41.5 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	33.3 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	32.9 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	32.2 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	31.6 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	30.8 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	24.3 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	22.8 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	20.3 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	18.5 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	17.4 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	16.3 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	15.2 MB/s

CPU AES


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	65839 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	46884 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	38007 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	23204 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	21097 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	21094 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	17312 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	16800 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	16333 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	15406 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14455 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	13681 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12247 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	9124 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	8465 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	8460 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	6532 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	4053 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3782 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	2908 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	1930 MB/s
4x Atom x5-Z8500	2083 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	1549 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1447 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	1332 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	1286 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	1212 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	1153 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	913 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	802 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	790 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	789 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	721 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	651 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	587 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	566 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	524 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	493 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	473 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	421 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	387 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	311 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	277 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	274 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	269 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	245 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	242 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	184 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	153 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	148 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	144 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	131 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	109 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	105 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	98 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	84 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	44 MB/s

CPU Hash


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	14804 MB/s
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	9056 MB/s
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	8724 MB/s
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	5231 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	4783 MB/s
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	4368 MB/s
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	4104 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	3924 MB/s
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	3786 MB/s
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	3679 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	3674 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	3604 MB/s
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	3304 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	3188 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	3137 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	3094 MB/s
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	2995 MB/s
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	2621 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	2544 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2345 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	2242 MB/s
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	2159 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1989 MB/s
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	1986 MB/s
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	1965 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	1942 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	1936 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1914 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1680 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	1677 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1464 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1441 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	1101 MB/s
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	998 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	980 MB/s
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	976 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	969 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	925 MB/s
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	911 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	828 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	809 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	730 MB/s
4x Atom x5-Z8500	2083 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	708 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	641 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	548 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	489 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	443 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	427 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	350 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	336 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	326 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	306 MB/s
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	251 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	246 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	245 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	162 MB/s

FPU VP8


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	6751
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	6650
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	6539
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	6391
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	6381
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	6367
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	6350
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	6307
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	5592
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	5279
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4981
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	4943
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4777
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	4589
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	4583
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	3973
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	3920
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	3864
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	3766
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	3654
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	3623
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3304
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3294
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3238
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	3166
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	3145
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	3141
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	3070
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2707
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2499
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	2448
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	2402
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2382
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2369
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	2112
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1816
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1786
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1779
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	1687
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	1638
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1352
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1215
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1189
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1108
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1057
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	954
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	850
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	803
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	796
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	689
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	685
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	661
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	613
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	586
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	511
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	487

FPU Julia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	105781
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	62590
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	40502
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	30193
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	28480
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	26953
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	26917
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	26898
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	19516
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	18457
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	18309
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	17993
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	17671
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	15300
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	13504
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	12634
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	12208
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	11912
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11125
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	8956
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	8747
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	8681
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	8201
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8070
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7608
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	7438
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	6999
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	6474
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6411
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	6207
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	5587
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	5579
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	5551
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	5235
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	4059
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3534
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	3286
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3079
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2440
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	2393
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	2309
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	2053
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1988
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1865
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1342
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	1308
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1117
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	958
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	911
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	896
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	893
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	792
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	702
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	641
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	589
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	513

FPU Mandel


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	54521
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	33143
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	21649
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	15402
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	15100
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	14429
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	14418
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	14253
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	10344
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	9777
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	9318
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	8672
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	8614
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	8066
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	6901
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	6434
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	6211
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	6094
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	5395
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	4626
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	4418
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4333
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	4179
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3973
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3874
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	3474
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	3308
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	3228
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	3176
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	2982
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2889
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2840
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2676
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	2335
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1823
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1626
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1482
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1449
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	1383
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	1182
4x Atom x5-Z8500	2166 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	1166
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1062
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1051
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	856
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	795
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	688
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	494
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	476
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	458
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	427
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	404
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	402
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	359
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	328
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	263
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	193

FPU SinJulia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
20x Xeon E5-2660 v3 HT	2600 MHz	Supermicro X10DRi	C612	Octal DDR4-1866	13-13-13-31 CR1	18482
16x Xeon E5-2670 HT	2600 MHz	Supermicro X9DR6-F	C600	Octal DDR3-1333	9-9-9-24 CR1	16035
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	7471
6x Core i7-4930K HT	3400 MHz	Gigabyte GA-X79-UD3	X79	Quad DDR3-1866	9-10-9-27 CR2	7274
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	7214
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Hexa DDR3-1333	9-9-9-24 CR1	6993
32x Opteron 6274	2200 MHz	Supermicro H8DGI-F	SR5690	Octal DDR3-1600R	11-11-11-28 CR1	6822
6x Core i7-5820K HT	3300 MHz	Gigabyte GA-X99-UD4	X99	Quad DDR4-2133	15-15-15-36 CR2	6513
4x Core i7-3770K HT	3500 MHz	MSI Z77A-GD55	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	4984
4x Core i7-4770 HT	3400 MHz	Intel DZ87KLT-75K	Z87 Int.	Dual DDR3-1600	9-9-9-27 CR2	4716
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	4679
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Quad DDR2-800R	6-6-6-18 CR1	4658
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4587
4x Xeon E3-1245 v3 HT	3400 MHz	Supermicro X10SAE	C226 Int.	Dual DDR3-1600	11-11-11-28 CR1	4583
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4132
6x Phenom II X6 Black 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR2	3213
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Quad DDR2-800R	6-6-6-18 CR1	3101
8x FX-8350	4000 MHz	Asus M5A99X Evo R2.0	AMD990X	Dual DDR3-1866	9-10-9-27 CR2	2833
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	2645
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2590
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2306
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	2268
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	2219
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Quad DDR2-667R	5-5-5-15 CR1	2210
8x Atom C2750	2400 MHz	Supermicro A1SAi-2750F	Avoton	Dual DDR3-1600	11-11-11-28 CR1	2042
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1934
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1872
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1856
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1618
4x A10-7850K	3700 MHz	Gigabyte GA-F2A88XM-D3H	A88X Int.	Dual DDR3-2133	9-11-10-31 CR2	1481
4x A10-6800K	4100 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-2133	9-11-10-27 CR2	1480
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1421
4x A10-5800K	3800 MHz	Asus F2A55-M	A55 Int.	Dual DDR3-1866	9-10-9-27 CR2	1377
4x Athlon 5350	2050 MHz	ASRock AM1B-ITX	Yangtze Int.	DDR3-1600 SDRAM	11-11-11-28 CR2	1260
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Quad DDR2-600R	5-5-5-15 CR1	1178
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1049
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1021
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	960
Celeron J1900	2000 MHz	Gigabyte GA-J1900N-D3V	BayTrailD Int.	Dual DDR3-1333	9-9-9-24 CR1	948
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	942
4x Atom x5-Z8500	2233 MHz	ASUSTeK COMPUTER INC. T100HAN	CherryTrail Int.	Dual DDR3-1600	12-15-20-34 CR1	857
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	835
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	685
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	516
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	505
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Quad DDR400R	3-4-4-8 CR1	457
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	452
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	359
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	327
Nano X2 L4350	1600 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	284
Celeron 420	1600 MHz	Intel DQ965GF	Q965 Int.	Dual DDR2-667	5-5-5-15	277
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	262
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	262
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	205
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	203
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	131

Debug - PCI


		B00 D00 F00:	Intel Cherry Trail / Braswell SoC - Transaction Router

		Offset 000:	86 80 80 22 07 00 00 00 20 00 00 06 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	12 83 01 00 9F FF 07 80 12 83 01 00 00 00 00 00
		Offset 050:	02 81 00 00 02 81 00 00 02 81 00 00 00 00 00 00
		Offset 060:	02 83 01 00 9F FF 07 80 12 83 01 00 00 00 00 00
		Offset 070:	02 83 01 00 9F FF 07 80 02 83 01 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 03 00 00 03 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	01 10 34 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D02 F00:	Intel Cherry Trail / Braswell SoC - Integrated Graphics Controller (16 EU)

		Offset 000:	86 80 B0 22 07 04 10 00 20 00 00 03 00 00 00 00
		Offset 010:	04 00 00 90 00 00 00 00 0C 00 00 80 00 00 00 00
		Offset 020:	01 F0 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 D0 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	09 02 00 00 00 00 00 00 00 00 00 00 01 00 C0 7C
		Offset 060:	00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 00 80 7C 07 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	05 B0 01 00 0C F0 E0 FE 54 49 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00
		Offset 0B0:	09 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 90 22 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 10 DA 7A

		B00 D0A F00:	Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]

		Offset 000:	86 80 D8 22 06 00 10 00 20 00 00 00 10 00 00 00
		Offset 010:	00 F0 BF DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 14 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	01 00 03 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00

		B00 D0B F00:	Intel Cherry Trail / Braswell SoC - P-Unit

		Offset 000:	86 80 DC 22 06 04 10 00 20 00 80 11 00 00 00 00
		Offset 010:	04 E0 BF DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	05 50 01 00 0C F0 E0 FE 95 49 00 00 00 00 00 00
		Offset 050:	01 00 03 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00

		B00 D14 F00:	Intel Cherry Trail / Braswell SoC - USB 3.0 xHCI Controller

		Offset 000:	86 80 B5 22 06 04 90 02 20 30 03 0C 00 00 00 00
		Offset 010:	04 00 80 91 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 70 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	FD 01 34 80 8F C6 CF 83 00 00 00 00 00 00 00 00
		Offset 050:	3F 6D DF 0F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	30 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 80 C2 C1 08 01 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 87 00 0C F0 E0 FE 00 00 00 00 A4 49 00 00
		Offset 090:	09 00 14 F0 10 00 40 01 00 00 00 00 C1 0A 08 00
		Offset 0A0:	00 08 04 00 00 18 00 00 8F 40 02 00 00 01 04 00
		Offset 0B0:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00

		B00 D1A F00:	Intel Cherry Trail / Braswell SoC - Trusted Execution Engine

		Offset 000:	86 80 98 22 00 05 10 00 20 00 80 10 10 00 00 00
		Offset 010:	00 00 70 91 00 00 60 91 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	D5 00 00 1F 00 48 11 80 0E 00 00 69 00 00 00 00
		Offset 050:	41 00 F0 3E 04 01 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	01 A0 03 48 0B 01 00 00 FF 00 00 00 01 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	05 00 00 00 0C F0 E0 FE 94 49 00 00 00 00 00 00
		Offset 0B0:	00 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	09 10 00 00 00 00 D0 7E 00 00 20 01 00 00 00 00
		Offset 0D0:	09 10 00 00 00 00 F0 7F 00 10 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 1C 0F 20 04 00 00 00 00

		B00 D1F F00:	Intel Cherry Trail / Braswell SoC - Platform Controller Unit - LPC

		Offset 000:	86 80 9C 22 07 00 10 02 20 00 01 06 00 00 80 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 DD 1B
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	03 04 00 00 02 30 D0 FE 01 00 00 00 02 00 D8 FE
		Offset 050:	02 80 D0 FE 02 10 D0 FE 02 00 A0 FE 02 60 D0 FE
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 CF FF 00 00 00 00 00 00
		Offset 0E0:	09 00 0C 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	01 C0 D1 FE 00 00 00 00 1C 0F 20 04 03 03 00 00

		PCI-8086-229C:	Intel BSW/CHT PUBAR @ FED06000h

		Offset 00:	00 00 00 00 00 00 00 8C 00 00 00 00 00 00 00 00
		Offset 10:	00 00 00 00 03 01 00 00 10 00 8F 32 86 01 0A 00
		Offset 20:	08 01 00 00 10 01 00 00 06 01 00 00 43 10 DD 1B
		Offset 30:	00 00 00 00 00 00 00 00 00 28 90 51 00 00 00 00
		Offset 40:	00 02 00 00 EB 80 01 00 E4 27 00 00 06 18 00 00
		Offset 50:	FF 03 00 00 71 07 00 00 F4 18 01 00 03 00 04 89
		Offset 60:	00 82 00 00 00 82 00 00 02 82 01 00 16 82 00 00
		Offset 70:	FF FF FF 00 00 00 00 00 0F 00 00 00 FF 00 00 00
		Offset 80:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 90:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00
		Offset A0:	00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset C0:	FF FF FF FF FF FF FF FF 03 00 00 03 00 00 00 00
		Offset D0:	FF FF FF FF FF FF FF FF FC 0B 3C 0B FF FF FF FF
		Offset E0:	FF FF FF FF 03 00 00 03 1F 00 00 1F 00 00 00 00
		Offset F0:	FF FF FF FF FF FF FF FF 00 00 00 00 FF FF FF FF
		Offset 100:	A7 09 00 00 8F 09 00 00 89 09 00 00 53 00 00 00
		Offset 110:	8A FC 08 1B FF FF FF FF FF FF FF FF A0 88 00 00
		Offset 120:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 130:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 140:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 150:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 160:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 170:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 180:	FF FF FF FF 0F FC FF 03 00 00 00 00 00 00 00 00
		Offset 190:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1A0:	00 00 00 00 00 00 00 00 00 00 00 00 E0 2F 00 00
		Offset 1B0:	38 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00
		Offset 1C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 200:	08 07 03 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 210:	00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF
		Offset 220:	00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00
		Offset 230:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 240:	EB 02 15 1D 57 7A CD 42 EB E5 EA 18 89 76 8C 1B
		Offset 250:	DB 46 87 8E 10 01 00 00 FF FF FF FF FF FF FF FF
		Offset 260:	20 00 80 22 14 8E C0 0B D4 05 00 00 00 00 00 00
		Offset 270:	00 00 00 00 14 8E C0 0B D4 05 00 00 00 00 00 00
		Offset 280:	4C 0E CD DC D7 05 00 00 FF FF FF FF FF FF FF FF
		Offset 290:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 2A0:	78 7C 04 4B 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 2B0:	00 00 00 00 00 00 00 00 00 00 00 00 22 00 00 00
		Offset 2C0:	03 00 00 00 94 95 8C 00 00 00 00 00 00 00 00 00
		Offset 2D0:	00 04 03 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 2E0:	08 08 06 00 08 08 06 00 08 08 06 00 00 00 00 00
		Offset 2F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 300:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 310:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 320:	00 00 00 00 00 04 00 00 00 00 00 00 FF FF FF FF
		Offset 330:	FF FF FF FF FF FF FF FF B7 58 D1 E1 67 00 00 00
		Offset 340:	00 00 00 00 00 00 00 00 FF 66 0A 00 14 00 00 00
		Offset 350:	3C 00 00 00 00 00 00 4F 00 00 00 00 00 00 00 00
		Offset 360:	10 3C 00 00 CF 0E 00 00 00 00 00 00 00 00 00 00
		Offset 370:	00 00 00 00 31 69 BF E0 67 00 00 00 3C 28 00 00
		Offset 380:	FF FF FF FF 00 00 00 00 00 00 00 00 BE AD 00 00
		Offset 390:	0E AC 00 00 A2 AB 00 00 D7 05 00 00 72 BE 7C E1
		Offset 3A0:	00 00 00 00 00 00 00 00 00 00 00 00 74 AB 64 0B
		Offset 3B0:	D4 05 00 00 FF FF FF FF FF FF FF FF 00 00 00 00
		Offset 3C0:	00 00 00 00 FF FF FF FF FF FF FF FF 96 01 01 00
		Offset 3D0:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 3E0:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 3F0:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 400:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 410:	00 5A 0F 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 420:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 430:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 440:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 450:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 460:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 470:	00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 480:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 490:	00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF
		Offset 4A0:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 4B0:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 4C0:	02 00 00 00 10 00 20 00 30 00 40 00 50 00 60 00
		Offset 4D0:	70 00 FF 00 4C 29 00 00 28 3C 3C 3C 28 14 90 51
		Offset 4E0:	53 03 CB 01 00 00 00 00 00 00 00 00 16 95 01 00
		Offset 4F0:	00 00 00 00 00 00 12 0C 00 00 00 00 00 00 00 00
		Offset 500:	00 00 00 00 00 00 00 00 A0 62 00 00 AF 9F B1 03
		Offset 510:	00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
		Offset 520:	43 10 DD 1B FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 530:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 540:	58 00 00 00 1F 32 1F 14 C0 4B 03 00 C0 4B 03 00
		Offset 550:	00 00 00 00 30 02 30 02 30 02 30 02 00 00 00 00
		Offset 560:	00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF
		Offset 570:	FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
		Offset 580:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 590:	00 00 00 00 00 00 00 00 00 00 00 00 02 00 10 02

		PCI-8086-22B0:	Intel BSW/CHT iGPU MMIO @ 90000000h

		Offset 182000:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182020:	00 00 00 00 00 00 00 00 E1 03 00 00 00 00 00 00
		Offset 182030:	76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182060:	00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182070:	00 00 01 00 17 80 02 00 00 00 00 00 00 00 00 00
		Offset 182080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1820A0:	A0 04 02 00 00 00 00 00 1F FB FD FF 00 00 04 00
		Offset 1820B0:	00 00 00 00 71 00 00 00 01 00 00 00 00 00 00 00
		Offset 1820C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1820D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1820E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 1820F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182100:	F0 04 06 00 38 D5 2A DE CE 00 00 00 00 00 00 00
		Offset 182110:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182120:	01 80 BF 7E 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182130:	50 00 40 00 00 00 00 80 31 03 00 20 00 00 00 00
		Offset 182140:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 182150:	00 00 00 00 00 00 00 00 00 00 00 00 77 A3 A3 00
		Offset 182160:	E0 E1 01 00 00 00 00 00 00 00 88 88 F2 D5 77 5C
		Offset 182170:	12 12 12 00 00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	%.....`....u6F.\.V.R..[.7.t....#..'>..V.z...^.+..0..9..y.....#xn
		C000:0040	-.........TW6F...VMp..).7.".......S...,.z...^.Y".0K.9........#..
		C000:0080	......f..8;e*N.X.K.\.R....-..p.G..7n.KR.i5..Z.).....m..+.......?
		C000:00C0	F......,.:oG*N...K.\|.R.[..:.p....dL.K0Gi5..Z.[t....m.....P.....
		C000:0100	.^0...St....2...R.F..z.Ba._.......g,.j.J.....ywC3.v.....QS......
		C000:0140	..f...!...].2...R....z..a......1..1..j.......y..3. 9..p..S.p.<.x
		C000:0180	.N)...Uv..2.....Q.....n..8.e4N..1.w\|.....W.R..u.cu.CX](.r.V...J.
		C000:01C0	.\...'...D.....Q.. .....8PG4N.U!*#......W.p....ce.AX]ZXs.....8)
		C000:0200	s...\.....u..c%..C.....:}T....x..!T.v......*.x.Nd....r.KF....d..
		C000:0240	s..!\.....#>.cWN.C......uTU....u....6..?..g..x..d.]..r..F..0.d.M
		C000:0280	H!..P.....L..k+..\w...%x.6Y.1.......~(...R<h....6[.v....u./P..:.
		C000:02C0	@..)P........kYJ.^!...W..t.C1.......~(.k.RnP....<[.T....e.]v..H.
		C000:0300	..L_:B...vyd..'.4....?..#....+2gZ%4.V.]v....=.....c... ....\|.S.[
		C000:0340	...}:B.^.v*B..U.4....?b`#.~..+@.Z%..^./.....=../..7...R<.O.^.Sz.
		C000:0380	..TW6....^Ip..)X5.".......q<..$.z...~.Y".0@.9........#....S:....
		C000:03C0	...u6F.\.V.R..[.7.t....#..'>..V.z...^.+..0..9..y.....#xn........

Debug - Unknown


		ACPI	BCFG: Unknown
		ACPI	PRAM: Unknown
		HDD	Samsung CGND3R
		Monitor ID	AUO20D4: Generic PnP Monitor [NoDB]
		PCI/AGP	8086-22D8 [SubSys: 1043-1BDD]: Intel(R) Integrated Sensor Solution [8086-22D8] [NoDB]
		PnP	BCM2E72: Broadcom Serial Bus Driver over UART Bus Enumerator [NoDB]
		PnP	INT33A4: Intel(R) Power Engine Plug-in [NoDB]
		PnP	SIS0457: I2C HID Device [NoDB]
		SPD	No SPD module found! (BusCount = 0)
		SSD	Samsung CGND3R

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.