| | | | | | | | |
|
| | Log Name | Event Type | Category | Generated On | User | Source | Description
|
| | Application | Warning | 1 | 2016-11-10 20:23:33 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
|
| | Application | Error | None | 2016-11-10 20:25:22 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:40:14 | | System Restore | 8193: Failed to create restore point (Process = C:\Program Files\NVIDIA Corporation\Installer2\MSVCRuntime.{47870475-01DF-4758-B9EB-A7061613ED2C}\vcredist_x64_13.exe Files\NVIDIA Corporation\Installer2\MSVCRuntime.{47870475-01DF-4758-B9EB-A7061613ED2C}\vcredist_x64_13.exe" /q; Description = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:40:58 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:40:59 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:40:59 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:02 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:22 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:27 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:27 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:50 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:51 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:41:53 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:43:29 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:43:30 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | 5973 | 2016-11-10 20:45:02 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | None | 2016-11-10 20:48:07 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:48:08 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:48:08 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | 5973 | 2016-11-10 20:54:41 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | None | 2016-11-10 20:57:05 | | System Restore | 8193: Failed to create restore point (Process = C:\Users\user\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver375.70\MSVCRT\vcredist_x64_13.exe /q; Description = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-10 20:57:05 | | System Restore | 8193: Failed to create restore point (Process = C:\Users\user\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver375.70\MSVCRT\vcredist_x86_13.exe /q; Description = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005; Error = 0x80070422).
|
| | Application | Warning | None | 2016-11-10 20:59:24 | | Wlclntfy | 6001: The winlogon notification subscriber <Sens> failed a notification event.
|
| | Application | Error | 100 | 2016-11-10 21:01:57 | | Application Error | 1000: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0 Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb Exception code: 0xc0000005 Fault offset: 0x00000000000d45a0 Faulting process id: 0x1348 Faulting application start time: 0x01d23bbc9340e1e1 Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Faulting module path: NvMdnsPlugin.dll Report Id: a99b7fe3-df74-4b6a-aa00-7fe7e9143404 Faulting package full name: Faulting package-relative application ID:
|
| | Application | Error | 5973 | 2016-11-11 09:19:30 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | None | 2016-11-11 09:21:00 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed XSplit Gamecaster; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 09:21:03 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed XSplit Gamecaster; Error = 0x80070422).
|
| | Application | Error | 5973 | 2016-11-11 09:24:30 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | 5973 | 2016-11-11 09:34:30 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | 5973 | 2016-11-11 09:48:53 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | None | 2016-11-11 10:01:02 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed ROG Gaming Center; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:01:05 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed ROG Gaming Center; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:06:33 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Dropbox 25 GB; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:06:34 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Dropbox 25 GB; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:06:39 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed GameFirst IV; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:06:40 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed GameFirst IV; Error = 0x80070422).
|
| | Application | Error | 100 | 2016-11-11 10:07:58 | | Application Error | 1000: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x57f9ea49 Faulting module name: NVI2.DLL, version: 2.1002.226.1988, time stamp: 0x57f9eb8a Exception code: 0x40000015 Fault offset: 0x00278d49 Faulting process id: 0xe24 Faulting application start time: 0x01d23c2d4e37002b Faulting application path: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe Faulting module path: C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{DE488D96-92EE-4A97-8784-909FB9B8574A}\NVI2.DLL Report Id: 5bf83c53-9b61-4a03-a07a-8796044ee46a Faulting package full name: Faulting package-relative application ID:
|
| | Application | Error | None | 2016-11-11 10:08:03 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Foxit PhantomPDF; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 10:08:05 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Foxit PhantomPDF; Error = 0x80070422).
|
| | Application | Error | 100 | 2016-11-11 10:18:26 | | Application Error | 1000: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0 Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb Exception code: 0xc0000005 Fault offset: 0x00000000000d45a0 Faulting process id: 0xdc0 Faulting application start time: 0x01d23c2c8d62412a Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Faulting module path: NvMdnsPlugin.dll Report Id: ec7393d4-9135-42ce-9b5d-66fac937480e Faulting package full name: Faulting package-relative application ID:
|
| | Application | Error | None | 2016-11-11 12:18:22 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed GameFirst IV; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-11 12:18:22 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed GameFirst IV; Error = 0x80070422).
|
| | Application | Error | 5973 | 2016-11-11 12:18:30 | user | Microsoft-Windows-Immersive-Shell | 5973: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
|
| | Application | Error | None | 2016-11-12 19:03:21 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
|
| | Application | Error | None | 2016-11-12 19:32:48 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-12 19:32:49 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-12 19:32:50 | | System Restore | 8193: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
|
| | Application | Warning | None | 2016-11-12 19:32:52 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe' (pid 5768) cannot be restarted - 1.
|
| | Application | Warning | None | 2016-11-12 19:32:52 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe' (pid 5932) cannot be restarted - 1.
|
| | Application | Warning | None | 2016-11-12 19:32:52 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe' (pid 5768) cannot be restarted - 1.
|
| | Application | Warning | None | 2016-11-12 19:32:52 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe' (pid 5932) cannot be restarted - 1.
|
| | Application | Error | None | 2016-11-12 20:05:43 | | System Restore | 8193: Failed to create restore point (Process = C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\vcredist\2012\vcredist_x86.exe Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\vcredist\2012\vcredist_x86.exe" /quiet /norestart; Description = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-12 20:06:05 | | System Restore | 8193: Failed to create restore point (Process = C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\vcredist\2012\vcredist_x64.exe Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\vcredist\2012\vcredist_x64.exe" /quiet /norestart; Description = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-12 20:06:26 | | System Restore | 8193: Failed to create restore point (Process = C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" /silent; Description = Installed DirectX; Error = 0x80070422).
|
| | Application | Error | None | 2016-11-12 20:48:06 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
|
| | Application | Error | None | 2016-11-12 20:49:49 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
|
| | Application | Error | None | 2016-11-12 20:53:22 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
|
| | Application | Error | None | 2016-11-12 20:54:09 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x194 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1a0 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x194 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-10 20:23:20 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:21 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x210 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x194 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x210 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x126c1 Linked Logon ID: 0x12853 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12853 Linked Logon ID: 0x126c1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x126c1 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x12853 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e4 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x194 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2ec New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x210 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f4 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2e4 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x33c New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2e4 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x36c New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2ec Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x378 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2ec Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2016-11-10 20:23:24 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc0b3
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Temp\winre\ExtractedFromWim Handle ID: 0x378 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:23:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2016-11-10 20:23:31 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x33020 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:23:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:23:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:23:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:23:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:23:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-10 20:23:32 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:23:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:23:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:23:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11dc Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:23:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0x6c34f Linked Logon ID: 0x6c3b0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0x6c3b0 Linked Logon ID: 0x6c34f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0x6c3b0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0x6c34f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0x6c34f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-580 Account Domain: Builtin Old Account Name: Remote Management Users New Account Name: Remote Management Users Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-581 Account Domain: Builtin Old Account Name: System Managed Accounts Group New Account Name: System Managed Accounts Group Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: DefaultAccount Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Account Domain: DESKTOP-R230UV9 Old Account Name: None New Account Name: None Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/10/2016 8:24:03 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/10/2016 8:24:03 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Changed Attributes: SAM Account Name: Remote Management Users SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Changed Attributes: SAM Account Name: System Managed Accounts Group SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Group Name: None Group Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4737: A security-enabled global group was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Group Name: None Group Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: None SID History: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Group Name: None Group Domain: DESKTOP-R230UV9 Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\oobe\msoobe.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:24:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12288 | 2016-11-10 20:24:47 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x568 Name: C:\Windows\System32\svchost.exe Previous Time: 2016-11-11T01:24:35.140554900Z New Time: 2016-11-11T01:24:47.658112100Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12288 | 2016-11-10 20:24:47 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x568 Name: C:\Windows\System32\svchost.exe Previous Time: 2016-11-11T01:24:47.652242200Z New Time: 2016-11-11T01:24:47.651000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:25:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1760 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1760 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1760 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1760 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12288 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x568 Name: C:\Windows\System32\svchost.exe Previous Time: 2016-11-11T01:25:36.535255300Z New Time: 2016-11-11T01:25:36.523000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb4fe6 Linked Logon ID: 0xb5031 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb5031 Linked Logon ID: 0xb4fe6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb4fe6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:25:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:25:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:25:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:25:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:25:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12544 | 2016-11-10 20:25:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:25:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/10/2016 8:26:00 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/10/2016 8:26:00 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: - Group: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Group Name: None Group Domain: DESKTOP-R230UV9 Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:26:01 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb5031 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:26:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb5031 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x111862 Linked Logon ID: 0x111887 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: OOBE Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:26:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb5031 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x111887 Linked Logon ID: 0x111862 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204c Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: OOBE Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:26:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x111862 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:26:01 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:26:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:26:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-10 20:28:15 | | Microsoft-Windows-Security-Auditing | 4725: A user account was disabled. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:28:15 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/10/2016 8:24:03 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x214 New UAC Value: 0x215 User Account Control: %%2080 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1844 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cdf08 Linked Logon ID: 0x1cdf1a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1844 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cdf1a Linked Logon ID: 0x1cdf08 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1844 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Linked Logon ID: 0x1ceaa9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 Linked Logon ID: 0x1cea39 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-D6Q88NA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x111887 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x111862 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Logon ID: 0xb5031 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cdf08 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cdf1a Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:28:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:28:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:28:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:28:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:28:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16f8 Process Name: C:\Windows\System32\SettingSyncHost.exe
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:51 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 Additional Information: Caller Workstation: DESKTOP-D6Q88NA Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16f8 Process Name: C:\Windows\System32\SettingSyncHost.exe
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16f8 Process Name: C:\Windows\System32\SettingSyncHost.exe
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16f8 Process Name: C:\Windows\System32\SettingSyncHost.exe
|
| | Security | Audit Success | 13824 | 2016-11-10 20:29:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16f8 Process Name: C:\Windows\System32\SettingSyncHost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:30:23 | | Microsoft-Windows-Security-Auditing | 6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\efswrt.dll
|
| | Security | Audit Success | 12544 | 2016-11-10 20:30:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:30:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:33:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:33:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:38:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:38:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:39:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:39:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:39:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:39:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:40:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:40:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x14e4 Process Information: Process ID: 0x2bc0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x13c0 Process Information: Process ID: 0x2bc0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x16c8 Process Information: Process ID: 0x2bc0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.10586.486_9179798d00dc14f7.cdf-ms Handle ID: 0x13c0 Process Information: Process ID: 0x2bc0 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x670 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x6a8 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x6bc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_prtprocs_x64_bfba530a0f4e6934.cdf-ms Handle ID: 0x6a8 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_f1780fdbb7b569a2.cdf-ms Handle ID: 0x670 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_x64_3_fr-fr_a8bf65e83078338e.cdf-ms Handle ID: 0x6bc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_x64_3_es-es_a6d8f0103351e46c.cdf-ms Handle ID: 0x5b0 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_x64_3_en-us_a6d8f0c43351e2e7.cdf-ms Handle ID: 0x670 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0x6a8 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0x6bc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x584 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x584 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x5b0 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0x6bc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0x670 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0x584 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessories_bb30590aa3d31891.cdf-ms Handle ID: 0x6bc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x6e8 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x6e8 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x524 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_stationery_3f6c21eb4ac66a56.cdf-ms Handle ID: 0x5dc Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x844 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x848 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x830 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:41:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.10586.570_91797b8b00dc1203.cdf-ms Handle ID: 0x848 Process Information: Process ID: 0xec Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 12544 | 2016-11-10 20:43:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:43:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-10 20:44:37 | | Microsoft-Windows-Security-Auditing | 4726: A user account was deleted. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Target Account: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: defaultuser0 Account Domain: DESKTOP-R230UV9 Additional Information: Privileges -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:44:37 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:44:37 | | Microsoft-Windows-Security-Auditing | 4729: A member was removed from a security-enabled global group. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Member: Security ID: S-1-5-21-798682442-3160011695-3061995338-1002 Account Name: - Group: Security ID: S-1-5-21-798682442-3160011695-3061995338-513 Group Name: None Group Domain: DESKTOP-R230UV9 Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2016-11-10 20:44:37 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1cea39 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x254 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:45:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:45:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:45:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:45:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:47:07 | | Microsoft-Windows-Security-Auditing | 6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\efswrt.dll
|
| | Security | Audit Success | 12544 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13a4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13a4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13a4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:48:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13a4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2016-11-10 20:48:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x7ec Process Information: Process ID: 0x1a74 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:48:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xd5c Process Information: Process ID: 0x1a74 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:48:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x680 Process Information: Process ID: 0x1a74 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:48:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_securebootupdates_26bd7695a6545733.cdf-ms Handle ID: 0x7ec Process Information: Process ID: 0x1a74 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 20:48:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecureBootUpdates\dbxupdate.bin Handle ID: 0xeac Process Information: Process ID: 0x1a74 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Failure | 12290 | 2016-11-10 20:48:11 | | Microsoft-Windows-Security-Auditing | 6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\efswrt.dll
|
| | Security | Audit Success | 12544 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2624 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2624 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2624 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 20:57:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2624 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 20:58:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 20:58:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-10 20:59:24 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x1ceaa9 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x26d8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x26d8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x26d8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 21:00:51 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x26d8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\boot.stl Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgfw.efi Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgr.efi Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\memtest.efi Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootmgr Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\memtest.exe Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Resources\bootres.dll Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\wfplwfs.inf Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adhsvc.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autochk.exe Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\basesrv.dll Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BFE.DLL Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdd.dll Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\csrsrv.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FWPUCLNT.DLL Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hal.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\httpprxm.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\httpprxp.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IKEEXT.DLL Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iphlpsvc.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LsaIso.exe Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsasrv.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsass.exe Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncbservice.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offlinelsa.dll Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sspicli.dll Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.efi Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.exe Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.efi Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.exe Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.efi Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.exe Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ahcache.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bowser.sys Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\clfs.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cng.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dfsc.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgkrnl.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms1.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms2.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fastfat.sys Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fvevol.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\FWPKCLNT.SYS Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecdd.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecpkg.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxdav.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb10.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb20.sys Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mup.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndis.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndiswan.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netbt.sys Handle ID: 0x3c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ntfs.sys Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\partmgr.sys Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pdc.sys Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdbss.sys Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tcpip.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tm.sys Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\IphlpsvcMigPlugin.dll Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\CodeIntegrity-ppdlic.xrm-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdll.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offlinelsa.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sspicli.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_19ae85881f1c4f2d.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_b001352a7f7811a4.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_d1910540813810a2.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_fr-fr_b30defacc3dbb349.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_es-es_b30df190c3dab03b.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_en-us_b30de832c3dabde8.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_6f90e8d49688182d.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_a53683620e1d2957.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_767ff5c638fd78be.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_74997fee3bd7299c.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_749980a23bd72817.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_0b818a3b670ab493.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_09af5f7282219f2c.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_09ad5f1a822aa10a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_09ad5cda822aa615.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_f4feec68085f10ff.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_7e2ee4d50f947bb6.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_7e52eba90f436ae8.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_7e5309ff0f433d85.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_8db33f971ae881d7.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_65e320a48017c73a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_63fcaacc82f17818.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_63fcab8082f17693.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_159cf7033f428a50.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_4ed0b044407e3151.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_4eceafec4087332f.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_4eceadac4087383a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_611d3eef5906fbff.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_c96ef935fcc37f58.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_c96cf8ddfccc8136.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_c96cf69dfccc8641.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_e32f9df3d4366bff.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_c0be483c9b01a14a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_c0e24f109ab0907c.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_c0e26d669ab06319.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_6aeaa032cb644484.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_298e6790c1b60eed.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_29b26e64c164fe1f.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_29b28cbac164d0bc.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_cdfe0c9818787b93.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_30d1d13cb4572588.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_30d1d320b456227a.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_30d1c9c2b4563027.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_3a79d19bd53c0ca1.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_97c43efc2442f0f4.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_97e845d023f1e026.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_97e8642623f1b2c3.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_7032bfdb5c844c68.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_263ca7819657c0ad.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_2660ae559606afdf.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_2660ccab9606827c.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_fr-fr_b2f0cdd465d72baa.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_es-es_b10a57fc68b0dc88.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_en-us_b10a58b068b0db03.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_msmq_71e80e62c92d6b9c.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_msdtc_71e80fac5e2c7ea5.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_msdtc_fr-fr_bbc17d2a2d5ab344.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_msdtc_es-es_bbe583fe2d09a276.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_msdtc_en-us_bbe5a2542d097513.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_673c8066f70caa9f.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_fr-fr_6c0a8a880c464a8a.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_es-es_6c0a8c6c0c45477c.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_en-us_6c0a830e0c455529.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.archive_89ff3dcc0b3fce13.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.archive_fr-fr_f5ca3ae7760aa4a2.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.archive_es-es_f3e3c50f78e45580.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_microsoft.powershell.archive_en-us_f3e3c5c378e453fb.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_wbem_1bf25d11bb30b33f.cdf-ms Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_engines_sr_d9a4a4f7ccdfa5ac.cdf-ms Handle ID: 0x54 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_common_b84a7a708e507091.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_shared_19ff36aa43ebd16a.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imetc_0f296d620e0c52d5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imekr_0f2989dc0e0c2815.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_0f2986100e0c2dc6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_applets_73e32571896671cb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fr-fr_a03ddfd474bf708f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_f12_1bf23f09a7666be5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_es-es_9e5769fc7799216d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_webserver_fr-fr_aee07675cc0a3ca6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_webserver_es-es_aede761dcc133e84.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_webserver_en-us_aede73ddcc13438f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_msmq_fr-fr_aa48af8dfa78bd17.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_msmq_es-es_aa6cb661fa27ac49.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bestpractices_v1.0_models_microsoft_windows_msmq_en-us_aa6cd4b7fa277ee6.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_pris_c69f4420e8b9ac96.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_80571585edc0bc10.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_pris_8eb5d62ebc93ca12.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.data.timezones_d6ed24e35548e087.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.data.timezones_pris_4fe1d707bdf60b69.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_f20e4c4d4e876b3f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_2d6b8920d3f31e0d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_55cd938ddb426ea7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_windows.web.http.filt_fcb36222cc19ab91.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_windows.web.http.filt_94ac2eb2e5e19174.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_windows.cortana_29ac118cefb19364.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_windows.cortana_bin_5362ef8d90168b6f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_platform_06bd3352ef55c154.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_cortana-platform_f57dc6e0ba0c83a9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_assets_a5456452ec52a0d8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_assets_persona_79dec8a2285d1c06.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_e92250ef2519d1f6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_js_91283bc423026fc5.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_4436285d27fc685e.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_pris_4719a634d2c04eec.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_f8075bc7ad02362b.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_errorpages_73ec08ffb6105e23.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_6f26550558264bb4.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_0e6f6a5d1f5a1430.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.accountscontrol_cw5n1h2txyewy_fc38de406c5c8223.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_contactsupport_cw5n1h2txyewy_9f20cf1a0d04fca1.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_a349059b05097caa.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_en-us_afb84194eaac32a1.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_fff314eba11c101c.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_fr-fr_204f13e59b49b311.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_es-es_204f15c99b48b003.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_en-us_204f0c6b9b48bdb0.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_ff9b33f72ef29061.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_4ac7bfc47a1ccc23.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_6a0b76f9f79f1c12.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_68250121fa78ccf0.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_windowsopti_682501d5fa78cb6b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_6c89372784f42be7.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_c8401d237c108960.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_c83e1ccb7c198b3e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_userresourc_c83e1a8b7c199049.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_fb85110125922f37.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_e98c65c1017cea30.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_e9b06c95012bd962.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_servicereso_e9b08aeb012babff.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_9439642f1597caa3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_5aff772efc12d48e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_59190156feec856c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_scriptresou_5919020afeec83e7.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_76a4a3ef5d2c01a4.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_0d6170cf3a6d1b85.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_0d5f70773a761d63.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_roleresourc_0d5f6e373a76226e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_edea8e2e2ccf59ab.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_6f00359868c32224.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_6efe354068cc2402.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_registryres_6efe330068cc290d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_e9b5c28bf1698a37.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_2c1bc8ce8cea0fc4.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_2c3fcfa28c98fef6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_processreso_2c3fedf88c98d193.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_7170c4cae89762bc.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_94ebe822b39e7d67.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_950feef6b34d6c99.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_packagereso_95100d4cb34d3f36.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_f89377aef0e3070d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_ef6291c702239550.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_ef6293ab02229242.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_groupresour_ef628a4d02229fef.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_f90a921d23087c69.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_84d901a41af020fa.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_84fd08781a9f102c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_environment_84fd26ce1a9ee2c9.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_76b8e47379b76aa0.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_919a286d88402f27.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_91be2f4187ef1e59.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_msft_archivereso_91be4d9787eef0f6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_fr-fr_17627181d8f8b556.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_es-es_157bfba9dbd26634.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_psdesiredstateconfiguration_dscresources_en-us_157bfc5ddbd264af.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networkswitchmanager_7187ed9e42fbe349.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networkswitchmanager_fr-fr_0488ad1d4b1bad7c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networkswitchmanager_es-es_02a237454df55e5a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networkswitchmanager_en-us_02a237f94df55cd5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_msmq_6a8282b1d13e3e68.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_msdtc_6a8283fc51a8e0dd.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_msdtc_fr-fr_82e4dbcb14f26cbe.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_msdtc_es-es_8308e29f14a15bf0.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_msdtc_en-us_830900f514a12e8d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_df6ff71fcfa289a5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_fr-fr_7304627f10203cc2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_es-es_73046463101f39b4.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.odatautils_en-us_73045b05101f4761.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_3b7bfef9dd2baedf.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_fr-fr_ad32e81d5e3d59f6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_es-es_ab4c724561170ad4.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_en-us_ab4c72f96117094f.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitlocker_a73047ff15e7584f.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitlocker_fr-fr_89f99730c781685c.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitlocker_es-es_8a1d9e04c730578e.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitlocker_en-us_8a1dbc5ac7302a2b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_appx_6a827ca1d13e479b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_appx_fr-fr_e59ef8a7b71c167a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_appx_es-es_e3b882cfb9f5c758.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_appx_en-us_e3b88383b9f5c5d3.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_systemresetplatform_14fecc2716acccef.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_engines_sr_44c0fa140b306d00.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pointofservice_protocolproviders_2983613e12f0b590.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-textservicesframework-migration_55ee7b7ed7f684bc.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-shmig_9ef85dcb89d16c58.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-rasserver-migplugin_2a8b8a2e22dfd44a.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-shmig-dl_45622e527f470963.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-rasserver-migplugin_9fbe397ae34120be.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-offlinefiles-dl_ed0c7082ff497ba5.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_shared_6eb54fb4ad19ef1c.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imetc_e3d3eac2a148ee29.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imekr_e3d4073ca148c369.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_e3d40370a148c91a.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_applets_94594e11bb62a31f.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_f12_06654f97d047d6b1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_fr-fr_4d9f89205bdfbc76.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_es-es_4bb913485eb96d54.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_webserver_fr-fr_605d37a39df61d72.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_webserver_es-es_605b374b9dff1f50.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_webserver_en-us_605b350b9dff245b.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_msmq_fr-fr_8127fd700d3b3f1d.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_msmq_es-es_814c04440cea2e4f.cdf-ms Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bestpractices_v1.0_models_microsoft_windows_msmq_en-us_814c229a0cea00ec.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_packages_e07c8f8a91f541c4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_printdialog_af71281e89102b83.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_fr-fr_3af8366f8df212df.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_es-es_3b1c3d438da10211.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_nativeimages_ae465c5139d1dacc.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v2.0.50727_443de60f3f6e0828.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_nativeimages_7f83bd6ed8241f3a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_time_zone_08f498d155d3913e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_e6d66275c6e4d14a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_d78913b7f0741b59.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_fr-fr_6fa6342861a2949a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_es-es_6dbfbe50647c4578.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_fr-fr_19bd8e8bc81cbabe.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_es-es_17d718b3caf66b9c.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_fr-fr_8fe44acee0ee7563.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_es-es_900851a2e09d6495.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_fr-fr_b559bb1f58a033e4.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_es-es_b557bac758a935c2.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_video_9d515c9dc78f711e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_video_fr-fr_b6d77c94f93e4aaf.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_video_es-es_b4f106bcfc17fb8d.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_video_en-us_b4f10770fc17fa08.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_usbcore_14d5b24ecc418e9a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_usbcore_fr-fr_0c8574bb1fd60ca5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_usbcore_es-es_0c8374631fdf0e83.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_usbcore_en-us_0c8372231fdf138e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_search_fr-fr_0b0015f58595f73a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_search_es-es_0b241cc98544e66c.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_printer_fr-fr_211c07d5f7afbf28.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_printer_es-es_211a077df7b8c106.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_power_fr-fr_73fffefa721e0dab.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_power_es-es_7219892274f7be89.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_performance_fr-fr_0e1b291ac5a8194e.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_performance_es-es_0e1928c2c5b11b2c.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_pcw_fr-fr_30abf1b4796d3b52.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_pcw_es-es_30a9f15c79763d30.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_networking_fr-fr_9d943efc239ad1f4.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_networking_es-es_9db845d02349c126.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iesecurity_25644a5ef81c9ef5.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iesecurity_fr-fr_bd14c51e3912b744.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iesecurity_es-es_bd38cbf238c1a676.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iesecurity_en-us_bd38ea4838c17913.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iebrowseweb_e2468f1fdde27cf7.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iebrowseweb_fr-fr_ecd29bf71c0c47c6.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iebrowseweb_es-es_ecd09b9f1c1549a4.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_iebrowseweb_en-us_ecd0995f1c154eaf.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_homegroup_fr-fr_a570ceb1d3190832.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_homegroup_es-es_a38a58d9d5f2b910.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_fr-fr_63ad697e34ea0535.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_es-es_63ad6b6234e90227.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_device_9d2d754600160183.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_device_fr-fr_3d73fcdaee8dd7de.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_device_es-es_3d9803aeee3cc710.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_bits_8b2c45941936af7d.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_bits_fr-fr_1e9f7d0519bfcdee.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_bits_es-es_1e9f7ee919becae0.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_bits_en-us_1e9f758b19bed88d.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_audio_fr-fr_a198cdfb5d7cc6b4.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_audio_es-es_9fb2582360567792.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_apps_8b2c3dfa1936baf1.cdf-ms Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_apps_fr-fr_16097f9b2d07939a.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_apps_es-es_1609817f2d06908c.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_apps_en-us_160978212d069e39.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_aero_fr-fr_1a66923f20a53285.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_aero_es-es_1a66942320a42f77.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_scheduled_35e98acca7dbf9c7.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_fr-fr_1bdc5b0157eece7f.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_es-es_1c0061d5579dbdb1.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_devicesflow_a24e4906c4ce494f.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_resources_0adab7ac98c3dc03.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_fonts_fee710f4f7b180e0.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_qps-ploc_24e8203102ababf9.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_de3c62295de3e26e.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_bcastdvr_fab1ebc0dbf2dacb.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_apppatch64_e39bab3b20714e20.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_06bfd9d2ecbb6152.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_ee36fceb8463efe3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_powershellget_71b30b2f8dc296d8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_powershellget_1.0.0.1_51cddaf395c619ba.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_powershellget_1.0.0.1_fr-fr_d3e319d544f8066f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_powershellget_1.0.0.1_es-es_d1fca3fd47d1b74d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windowspowershell_modules_powershellget_1.0.0.1_en-us_d1fca4b147d1b5c8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_photo_viewer_a7a2292bcc87c94b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_nt_75867948982b5de9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_nt_tabletextservice_7af8121010a6df81.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_nt_accessories_6b5e9ec4fa2598e7.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_e9607c93dd43c2ea.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_mail_fc7b184dbf576a4a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_defender_2ba1d62d9bcc00c8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_681b9383b994c86d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ole_db_17fcdbc86fee8f8b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ado_32a3d3ab7409acd3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_635c287ec97ec0a5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_vgx_9d0cc8bc56d58860.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_ink_9d0caff456d5ade1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_f5785c4ea515f92d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_f73a958359531e4e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_powershellget_bc2bb607be56a0b5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_powershellget_1.0.0.1_58184d54a8ed3d17.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_powershellget_1.0.0.1_fr-fr_4ee117a99e19e0e4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_powershellget_1.0.0.1_es-es_4edf17519e22e2c2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_powershellget_1.0.0.1_en-us_4edf15119e22e7cd.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_photo_viewer_6eb173d8debcda9a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_tabletextservice_9475b2de2d92bc74.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\journal.dll Handle ID: 0x50 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\micaut.dll Handle ID: 0xa4 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll Handle ID: 0x9c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mip.exe Handle ID: 0x2c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll Handle ID: 0x7c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe Handle ID: 0x74 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll Handle ID: 0x6c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll Handle ID: 0x60 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Internet Explorer\ieinstal.exe Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Internet Explorer\IEShims.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Internet Explorer\iexplore.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\DataLayer.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpAsDesc.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpClient.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpCmdRun.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpCommu.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpOAV.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpRtp.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpSvc.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpTpmAtt.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MSASCui.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpCom.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpEng.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpLics.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpRes.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\NisIpsPlugin.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\NisLog.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\NisSrv.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\NisWfp.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\ProtectionManagement.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\shellext.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Mail\msoe.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\setup_wm.exe Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmlaunch.exe Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmpnetwk.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\TableTextService\TableTextService.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\ImagingEngine.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\micaut.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msado15.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\ieinstal.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\IEShims.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\MpAsDesc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\MpClient.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\MpOAV.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\MsMpLics.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\shellext.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Mail\msoe.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\setup_wm.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\wmlaunch.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\HelpPane.exe Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\AcGenral.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\AcLayers.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\AcSpecfc.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\AcWinRT.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\AcXtrnal.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\drvmain.sdb Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\frxmain.sdb Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\msimain.sdb Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\pcamain.sdb Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\sysmain.sdb Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\AcGenral.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\AcLayers.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\acspecfc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\AcWinRT.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\pcamain.sdb Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\AppPatch\apppatch64\sysmain.sdb Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bcastdvr\KnownGameList.bin Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\BCD Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys.bin Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys_noprompt.bin Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\PCAT\BCD Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\qps-ploc\memtest.efi.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\chs_boot.ttf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\cht_boot.ttf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\jpn_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\kor_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\malgun_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\malgunn_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\meiryo_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\meiryon_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\msjh_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\msjhn_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\msyh_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\msyhn_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\segmono_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\segoe_slboot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\segoen_slboot.ttf Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Fonts\wgl4_boot.ttf Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-ploc\bootmgr.exe.mui Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-ploc\memtest.exe.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\DevicesFlow\DevicesFlowUI.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\AERO\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\AERO\es-ES\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\AERO\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\en-US\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\es-ES\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\en-US\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\es-ES\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\en-US\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\es-ES\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\en-US\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\en-US\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\es-ES\CL_LocalizationData.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\HomeGroup\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\HomeGroup\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\HomeGroup\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\IEBrowseWeb_TroubleShooter.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\RS_DisableAddon.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\RS_DisableAddonLoadingTime.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\RS_ResetCacheSize.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\RS_Resetpagesyncpolicy.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\en-US\RS_RestoreIEconnection.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\IEBrowseWeb_TroubleShooter.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\RS_DisableAddon.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\RS_DisableAddonLoadingTime.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\RS_ResetCacheSize.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\RS_Resetpagesyncpolicy.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\es-ES\RS_RestoreIEconnection.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\IEBrowseWeb_TroubleShooter.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\RS_DisableAddon.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\RS_DisableAddonLoadingTime.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\RS_ResetCacheSize.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\RS_Resetpagesyncpolicy.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\fr-FR\RS_RestoreIEconnection.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\en-US\IESecurity_TroubleShooter.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\en-US\RS_Blockpopups.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\en-US\RS_IESecuritylevels.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\en-US\RS_PhishingFilter.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\es-ES\IESecurity_TroubleShooter.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\es-ES\RS_Blockpopups.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\es-ES\RS_IESecuritylevels.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\es-ES\RS_PhishingFilter.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\fr-FR\IESecurity_TroubleShooter.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\fr-FR\RS_Blockpopups.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\fr-FR\RS_IESecuritylevels.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\fr-FR\RS_PhishingFilter.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\en-US\LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\es-ES\LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\fr-FR\LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\en-US\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Performance\en-US\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Performance\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Performance\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\Power_Troubleshooter.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_AdjustDimDisplay.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_AdjustScreenBrightness.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_Adjustwirelessadaptersettings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_Balanced.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_ChangeProcessorState.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_DisableScreensaver.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_DisableUSBSelective.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_ResetDisplayIdleTimeout.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_ResetIdleDiskTimeout.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\en-US\RS_ResetIdleSleepsetting.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\Power_Troubleshooter.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_AdjustDimDisplay.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_AdjustScreenBrightness.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_Adjustwirelessadaptersettings.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_Balanced.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_ChangeProcessorState.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_DisableScreensaver.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_DisableUSBSelective.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_ResetDisplayIdleTimeout.psd1 Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_ResetIdleDiskTimeout.psd1 Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\es-ES\RS_ResetIdleSleepsetting.psd1 Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\Power_Troubleshooter.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_AdjustDimDisplay.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_AdjustScreenBrightness.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_Adjustwirelessadaptersettings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_Balanced.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_ChangeProcessorState.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_DisableScreensaver.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_DisableUSBSelective.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_ResetDisplayIdleTimeout.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_ResetIdleDiskTimeout.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\fr-FR\RS_ResetIdleSleepsetting.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\en-US\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\UsbCore\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\UsbCore\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\UsbCore\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\en-US\CL_LocalizationData.psd1 Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\es-ES\CL_LocalizationData.psd1 Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\en-US\CL_LocalizationData.psd1 Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\es-ES\CL_LocalizationData.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\en-US\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\es-ES\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\fr-FR\CL_LocalizationData.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezoneMapping.xml Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezones.xml Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\tzautoupdate.dat Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettings.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\Telemetry.Desktop.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\apps.inf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\printupg.inf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Data.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PenIMC.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Transactions.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ReachFramework.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Printing.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WindowsStore.admx Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WinMaps.admx Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\InetRes.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WindowsStore.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WinMaps.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\es-ES\InetRes.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\es-ES\WindowsStore.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\es-ES\WinMaps.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\fr-FR\InetRes.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\fr-FR\WindowsStore.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\fr-FR\WinMaps.adml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\PrintDialog.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Common-Provisioning.dat Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning.dat Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Control.ppkg Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.CPU.ppkg Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Display.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.MBB.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Storage.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Telemetry.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Wifi.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Battery.ppkg Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Button.ppkg Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Disk.ppkg Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Display.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.IdleResiliency.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Processor.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Sleep.ppkg Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Resources\Themes\aero\aero.msstyles Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Resources\Themes\aero\aerolite.msstyles Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadcloudap.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadtb.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AboveLockAppHost.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\accountaccessor.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AccountsRt.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acmigration.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActionCenterCPL.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActivationManager.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActiveSyncProvider.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\actxprxy.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adsmsext.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adtschema.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aeinv.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepic.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aitstatic.exe Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APHostService.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApnDatabase.xml Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppCapture.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppContracts.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apphelp.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplicationFrame.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppointmentApis.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppReadiness.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apprepapi.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apprepsync.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appwiz.cpl Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxAllUserStore.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxApplicabilityEngine.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxPackaging.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxProvisioning.xml Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSysprep.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\asycfilt.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmfd.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmlib.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiodg.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEng.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiosrv.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authfwcfg.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authui.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\azroles.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\azroleui.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AzureSettingSyncProvider.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcastdvr.exe Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcdedit.exe Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BCP47Langs.dll Handle ID: 0x8c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcryptprimitives.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BdeHdCfgLib.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdesvc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingMaps.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bisrv.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerDeviceEncryption.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BluetoothApis.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BootMenuUX.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BrokerLib.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browcli.dll Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browser.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browserbroker.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BrowserSettingSync.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bthserv.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ByteCodeGenerator.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpreference.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpsvc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CellularAPI.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certca.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certcli.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertEnroll.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certprop.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certreq.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakradiag.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChatApis.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CheckNetIsolation.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cic.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Clipc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipSVC.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipUp.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudDomainJoinDataModelServer.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clusapi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmintegrator.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\combase.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comdlg32.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTelRunner.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comsvcs.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comuid.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\configurationclient.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConhostV2.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContactApis.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreMessaging.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreUIComponents.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CPFilters.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProvDataModel.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovhost.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovs.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\crypt32.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptngc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptsvc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptui.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d2d1.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10_1.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10level9.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10warp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d11.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3D12.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d9.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3DCompiler_47.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafBth.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DafPrintProvider.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafWCN.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAFWSD.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\das.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataSenseHandlers.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\davclnt.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbgeng.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbghelp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DbgModel.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcomp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragsvc.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevDispItemProvider.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\deviceaccess.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\deviceassociation.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCensus.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceEnroller.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicePairing.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devinv.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore6.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc6.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagCpl.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagperf.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack_win.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dialserver.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DictationManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directmanipulation.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Display.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DisplayManager.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dlnashext.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcertinst.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcsps.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmdskmgr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenrollengine.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenterprisediagnostics.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMRServer.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsapi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsrslvr.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\domgmt.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dosvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3ui.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvstore.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dui70.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\duser.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwminit.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWrite.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxgi.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DXP.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dxpserver.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxtrans.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapp3hst.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappcfg.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappgnui.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapphost.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappprxy.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\easinvoker.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\easwrt.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditionUpgradeManagerObj.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edputil.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efswrt.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EmailApis.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enrollmentapi.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtSvc.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseDesktopAppMgmtCSP.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseModernAppMgmtCSP.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\esent.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\evr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExecModelClient.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExplorerFrame.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdProxy.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdWCN.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhcfg.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhengine.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsettingsprovider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\filemgmt.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FingerprintEnrollment.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FntCache.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FontProvider.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontsub.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapi.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapibase.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvecpl.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveskybackup.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveui.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvewiz.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwcfg.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FwRemoteSvr.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GamePanel.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gameux.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GdiPlus.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\generaltel.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Geolocation.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GlobCollationHost.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GnssAdapter.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpapi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpedit.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hevcdecoder.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hgcpl.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hmkd.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hnetcfg.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HttpsDataSource.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IconCodecService.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IdCtrls.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ie4uinit.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieapfltr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iedkcs32.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieframe.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iepeers.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieproxy.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieui.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ImplatSetup.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetcomm.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetcpl.cpl Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetpp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\input.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputLocaleManager.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallAgent.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\internetmail.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\intl.cpl Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\invagent.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ipsecsnp.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IPSECSVC.DLL Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iuilp.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JpMapControl.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jsproxy.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kerberos.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel32.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KernelBase.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LegacyNetUX.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LegacyNetUXHost.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerShellext.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\licensingdiag.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ListSvc.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\locale.nls Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localspl.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFramework.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkInternalPS.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppBroker.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppHost.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LogonController.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapConfiguration.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapControlCore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsBtSvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsCSP.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsStore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mapsupdatetask.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBMediaManager.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mbsmsapi.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mcbuilder.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDEServer.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAppInstaller.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmmigrator.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmregistration.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MediaFoundation.DefaultPerceptionProvider.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MessagingDataModel2.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfasfsrcsnk.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFCaptureEngine.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmp4srcsnk.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetcore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetsrc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfplat.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfpmp.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfps.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsrcsnk.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\microsoft-windows-system-events.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountCloudAP.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountExtension.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastReceiver.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mispace.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmc.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcbase.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcndmgr.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcshext.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\modernexecserver.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mos.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\moshost.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MosHostClient.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\moshostcore.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MosStorage.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprddm.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprdim.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MPSSVC.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mqcertui.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mqsnap.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MrmCoreR.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MrmIndexer.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAJApi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mscms.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctf.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctfp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctfuimanager.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msdrm.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msdt.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msdtctm.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msfeeds.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msftedit.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtmled.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msieftp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msobjs.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mspaint.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msscntrs.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsSpellCheckingFacility.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssph.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssphtb.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstsc.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstscax.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msv1_0.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVidCtl.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswsock.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTF.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mtxoci.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\musdialoghandlers.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotification.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotificationUx.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusUpdateHandlers.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptsslp.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netapi32.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netcenter.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetCfgNotifyObjectHost.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netcfgx.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netlogon.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netman.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netplwiz.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupApi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupEngine.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupShim.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupSvc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netshell.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nettrace.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkBindingEngineMigPlugin.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkDesktopSettings.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkUXBroker.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\newdev.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NFCProvisioningPlugin.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngccredprov.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrGidsHandler.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrSvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcpopkeysrv.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NMAA.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationController.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationObjFactory.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NPSM.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NPSMDesktopProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshwfp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntprint.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntshrui.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\odbcconf.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oemlicense.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offreg.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ole32.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacchooks.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleaut32.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmapi.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmclient.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OnDemandConnRouteHelper.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneBackupHandler.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneDriveSettingSyncProvider.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpcServices.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PackageStateRoaming.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcasvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\phoneactivate.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneOm.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneProviders.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneService.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhotoScreensaver.scr Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Pimstore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pla.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToDevice.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToManager.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToReceiver.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pngfilt.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnidui.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnpclean.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanager.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanagerprecheck.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\polstore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceApi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceClassExtension.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceConnectApi.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintDialogs.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintDialogs3D.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printfilterpipelinesvc.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prnfldr.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prnntfy.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\propsys.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provengine.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provhandlers.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provisioningcsp.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provops.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PsmServiceExtHost.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiobj.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qdvd.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qmgr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\quartz.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\racpldlg.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RADCUI.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasapi32.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasgcw.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastls.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcorets.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpudd.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXService.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXTaskFactory.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RecoveryDrive.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoteNaturalLanguage.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\reseteng.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\resutils.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcrt4.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcss.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rsaenh.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samlib.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samsrv.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sbe.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scapi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardDlg.dll Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schannel.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schedsvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schtasks.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdengin2.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdrsvc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdshext.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Search.ProtocolHandler.MAPI2.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchFilterHost.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchFolder.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchIndexer.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchProtocolHost.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecConfig.efi Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecureTimeAggregator.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorDataService.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsApi.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorService.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsNativeApi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsNativeApi.V2.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingMonitor.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Bluetooth.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Geolocation.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Maps.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_nt.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Privacy.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_StorageSense.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSync.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncCore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncHost.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupapi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shacct.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedStartModel.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedStartModelShim.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShareHost.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SHCore.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shell32.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shsetup.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shutdownux.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SIHClient.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SimAuth.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SimCfg.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartcardCredentialProvider.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartCardSimulator.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmsRouterSvc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spcompat.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpeechPal.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spoolsv.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcext.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppinst.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppobjs.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppsvc.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppwinob.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SRH.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SRHInproc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srvcli.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sti.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StikyNot.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storagewmi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StoreAgent.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storewuauth.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorSvc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StructuredQuery.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SubscriptionMgr.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sud.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\swprv.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncCenter.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncController.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncSettings.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\syncutil.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysdm.cpl Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemEventsBrokerServer.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\systemreset.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.DeviceEncryptionHandlers.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.Handlers.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.UserAccountsHandlers.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskcomp.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskeng.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Taskmgr.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tbauth.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdh.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdlrecover.exe Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\termsrv.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputFramework.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\themecpl.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\themeui.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tileobjserver.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBroker.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBrokerCookies.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmTasks.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSWorkspace.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.appcore.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.appcore.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tzautoupdate.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ubpm.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\udhisapi.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uDWM.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAnimation.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAutomationCore.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIRibbon.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIRibbonRes.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\unimdm.tsp Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatehandlers.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatepolicy.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnpcont.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnphost.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\urlmon.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\user32.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usercpl.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataService.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataTimeUtil.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserLanguagesCpl.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgr.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usocore.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UXInit.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbscript.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vds.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsutil.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VEDataLayerHelpers.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VEEventDispatcher.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VEStoreEventHandlers.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VoipRT.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vpnike.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vss_ps.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vssapi.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vsstrace.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VSSVC.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32time.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WalletService.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbemcomn.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbengine.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmcsp.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WcnApi.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcncsvc.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcnwiz.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wdc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebcamUi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webcheck.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebClnt.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webio.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webservices.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wer.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werconcpl.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werui.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtsvc.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtutil.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFS.exe Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaaut.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiarpc.dll Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaservc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wificonnapi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifinetworkmanager.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifitask.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimserv.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32spl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AccountsControl.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Wallet.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.Desktop.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.OneCore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.ProxyStub.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Pdf.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.AllJoyn.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Bluetooth.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Enumeration.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.LowLevel.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Midi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Picker.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.PointOfService.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Sensors.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SmartCards.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.WiFiDirect.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.3D.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Bluetooth.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Management.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Shell.Broker.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Audio.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Devices.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Editing.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Import.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.MediaControl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Speech.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Streaming.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Streaming.ps.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Connectivity.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.UX.EapRequestHandler.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Vpn.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Shell.Search.UriHandler.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Speech.Pal.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepository.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryBroker.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryClient.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.ApplicationData.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.storage.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.Search.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.BioFeedback.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.BlockedShutdown.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Core.TextInput.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Cred.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Immersive.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Input.Inking.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.PicturePassword.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Search.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Shell.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Phone.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.Http.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecs.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsExt.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsRaw.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsperformancerecordercontrol.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winhttp.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininet.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininetlui.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininit.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winipcfile.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winipcsecproc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winipcsecproc_ssp.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winlogon.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmde.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmsipc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winspool.drv Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winsrv.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wintrust.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinTypes.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkscli.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanapi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WLanConn.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMediaManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMM.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanui.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wldp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidprov.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidsvc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmdrmdev.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmdrmsdk.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmicmiplugin.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMNetMgr.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMPDMC.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WmpDui.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpdxm.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpeffects.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMPhoto.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmploc.DLL Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpmde.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpps.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpshell.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVCORE.DLL Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\workfolderssvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wpc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcMon.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcWebFilter.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcWebSync.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpdbusenum.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpdshext.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WPDShServiceObj.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnapps.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpncore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpr.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpx.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ws2_32.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSClient.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscsvc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSDApi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsdchngr.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsecedit.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshbth.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAgent.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAuto.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsmprovhost.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmSvc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmWmiPl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_fs.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_health.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsqmcons.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSService.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSShared.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSSync.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuauclt.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuaueng.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuautoappupdate.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WUDFPlatform.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WUDFx.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wusa.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhext.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wvc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWAHost.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWanAPI.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanconn.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanmm.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblAuthManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XboxNetApiSvc.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsDocumentTargetPrint.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsFilt.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsPrint.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xpsrchvw.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xpsservices.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zipfldr.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdvancedInstallers\cmiv2.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\hwcompat_RS1.txt Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\hwexclude_RS1.txt Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\wucompat.txt Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\en-US\Msmq.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\es-ES\Msmq.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\fr-FR\Msmq.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US\WebServer.psd1 Handle ID: 0x44 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\es-ES\WebServer.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\fr-FR\WebServer.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.efi Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.exe Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ProvProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\TransmogProvider.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\VhdProvider.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\WimProvider.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ClipSp.sys Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dumpsdport.sys Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\filecrypt.sys Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\http.sys Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Ndu.sys Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nwifi.sys Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\scfilter.sys Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\sdport.sys Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srv.sys Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srv2.sys Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srvnet.sys Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UcmCx.sys Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ufx01000.sys Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdiWiFi.sys Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\ndis.sys.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\es-ES\ndis.sys.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fr-FR\ndis.sys.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\UcmCx.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\adtschema.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\appraiser.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppXDeploymentServer.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\crypt32.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\edgehtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ieframe.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\microsoft-windows-system-events.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\mshtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\msobjs.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusNotificationUx.exe.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\powrprof.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\SettingsHandlers_Maps.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\SRH.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\SRHInproc.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\tzres.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wininet.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wininetlui.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wmploc.DLL.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\adtschema.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\appraiser.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\AppXDeploymentServer.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\crypt32.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\edgehtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\ieframe.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\microsoft-windows-system-events.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\mshtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\msobjs.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\MusNotificationUx.exe.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\powrprof.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\readingviewresources.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\SettingsHandlers_Maps.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\SRH.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\SRHInproc.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\tzres.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\wininet.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\wininetlui.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\wmploc.DLL.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12AppFrame.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12Platform.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12Platform2.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\perf_nt.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\adtschema.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\appraiser.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\AppXDeploymentServer.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\crypt32.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\edgehtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\ieframe.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\microsoft-windows-system-events.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\mshtml.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\msobjs.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\MusNotificationUx.exe.mui Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\powrprof.dll.mui Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\readingviewresources.dll.mui Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\SettingsHandlers_Maps.dll.mui Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\SRH.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\SRHInproc.dll.mui Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\tzres.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\wininet.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\wininetlui.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\wmploc.DLL.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPCMLD.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjpcus.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPDAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPDCT.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPDCTP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPLMP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPPRED.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPSET.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPTIP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPUEX.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjpuexc.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjputyc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\APPLETS\IMJPCAC.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\APPLETS\imjpskey.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\APPLETS\IMJPSKF.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrapi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrotip.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrtip.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCCFG.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCCORE.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCPROP.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCTIP.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\imtcui.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMCCPHR.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\ImeBroker.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\imecfm.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\imecfmui.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMEFILES.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMEPADSM.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMEPADSV.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMETIP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMEWDBLD.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMJKAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\MSCAND20.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\ChxEM.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\IHDS.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppxUpgradeMigrationPlugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\ClipMigPlugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\dafmigplugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\imjpmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\msctfmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\pnpmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\shmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WpcMigration.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migcore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migstore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\CscMigDl.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\msctfmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\legacy-sapi-repl.man Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\microsoft-windows-shmig\shmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TextServicesFramework-Migration\msctfmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\audit.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobe.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobedui.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobeplugins.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\win32ui.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\WinLGDep.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\winsetup.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\BarcodeScannerProtocolProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\CashDrawerProtocolProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\PrinterProtocolProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\RasMigPlugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Common\sapi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\SpeechUX.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\SpeechUXWiz.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Common\sapi_onecore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\SR\spsreng_onecore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\ClipService-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\dmenrollengine-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\enterprisemgmt_policymanager-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\ExtensibleStorageEngine-ISAM-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\hevcdecoder-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\iuilp-ppdlic.xrm-ms Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\msoobe-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\transmog-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\UpdatePolicy-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\WebServices-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\ppdlic\WSLicensingService-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\RjvClassicApp.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\RjvMDMConfig.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\cimwin32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\MDMSettingsProv.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ndisimplatcim.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetAdapterCim.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetEventPacketCapture.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemcore.dll Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemess.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wfascim.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiDcPrv.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSD.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSE.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceRecognitionEngineAdapter.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Appx\en-US\Appx.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Appx\es-ES\Appx.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Appx\fr-FR\Appx.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\es-ES\BitLocker.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\BitLocker.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.Activex.Interop.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.PowerShell.Commands.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.Runtime.Interop.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSMQ\MSMQ.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\en-US\NetworkSwitchManager.Resource.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\es-ES\NetworkSwitchManager.Resource.psd1 Handle ID: 0x48 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\fr-FR\NetworkSwitchManager.Resource.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\RunAsHelper.strings.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\RunAsHelper.strings.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\RunAsHelper.strings.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ArchiveProvider.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ArchiveProvider.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ArchiveProvider.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\MSFT_GroupResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\MSFT_GroupResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\MSFT_GroupResource.strings.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\PackageProvider.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\PackageProvider.psd1 Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\PackageProvider.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\MSFT_ProcessResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\MSFT_ProcessResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\MSFT_ProcessResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\en-US\MSFT_RegistryResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\MSFT_RegistryResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\MSFT_RegistryResource.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\MSFT_RoleResourceStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\MSFT_RoleResourceStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\fr-FR\MSFT_RoleResourceStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\en-US\MSFT_ServiceResource.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\MSFT_ServiceResource.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\MSFT_ServiceResource.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\MSFT_UserResource.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\MSFT_UserResource.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\MSFT_UserResource.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\PSDSCxMachine.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\PSDSCxMachine.strings.psd1 Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\PSDSCxMachine.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\SmbLocalization.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ContactSupport_cw5n1h2txyewy\RdpRelayTransport.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ContactSupport_cw5n1h2txyewy\SupportApp.WinRT.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlUI.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentUI.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Actions.xbf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\F12AppFrame2.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings.xbf Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\ErrorPages\ErrorPageScripts.js Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.en-US.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.es-ES.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.fr-FR.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\uriRules-int.json Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\uriRules.json Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\cloudDomainJoin.js Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\storage.js Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\tokenProviderManager.js Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionMgr.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingConfigurationClient.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingIdentityManagerInternal.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingLocalSearchService.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CGSVCBackgroundTask.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.ActionUriHandlers.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.AppToApp.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.ContactPermissions.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.DoNotDisturb.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.LocalSearch.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Nodewinrtwrap.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Reminders.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SmartExtraction.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Sync.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Sync.Worker.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Upload.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaSpeechux.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\node.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\OnlineServices.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PhonePCVoiceAgents.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PPIVoiceAgents.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReactiveAgentsCommon.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReminderActionUriHandlers.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesActionUriHandler.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SAPIBackgroundTask.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ShellActionUriHandlers.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\tws.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\VoiceAgentsCommon.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Assets\Persona\PersonaPShader.cso Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Assets\Persona\PersonaVShader.cso Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\cortana-platform\cortana_platform_abstraction.js Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\platform\platform_abstraction.js Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana\bin\NodeRT_Windows_Cortana.node Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\GamingTcuiHelpers.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpviewUI.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\NetworkUX.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\PeopleShared.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\Windows.Data.TimeZones.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ar-SA.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.bg-BG.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.cs-CZ.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.da-DK.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.de-DE.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.el-GR.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.en-GB.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.en-US.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.es-ES.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.es-MX.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.et-EE.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fi-FI.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fr-CA.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fr-FR.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.he-IL.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.hr-HR.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.hu-HU.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.it-IT.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ja-JP.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ko-KR.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.lt-LT.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.lv-LV.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.nb-NO.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.nl-NL.pri Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pl-PL.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pt-BR.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pt-PT.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ro-RO.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ru-RU.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sk-SK.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sl-SI.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sr-Latn-RS.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sv-SE.pri Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.th-TH.pri Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.tr-TR.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.uk-UA.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.zh-CN.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.zh-HK.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.zh-TW.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\Windows.UI.SettingsAdminFlowUIThreshold.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\pris\Windows.UI.SettingsAdminFlowUIThreshold.en-US.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\pris\Windows.UI.SettingsAdminFlowUIThreshold.es-ES.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\pris\Windows.UI.SettingsAdminFlowUIThreshold.fr-FR.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.en-US.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.es-ES.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.fr-FR.pri Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AboveLockAppHost.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AccountsRt.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActionCenterCPL.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActiveSyncProvider.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\actxprxy.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adsmsext.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adtschema.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppCapture.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppContracts.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apphelp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppLockerCSP.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppointmentApis.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apprepapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apprepsync.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appwiz.cpl Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxAllUserStore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppXDeploymentClient.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxPackaging.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxProvisioning.xml Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\asycfilt.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atmfd.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atmlib.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authfwcfg.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authui.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\azroles.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\azroleui.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AzureSettingSyncProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcastdvr.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BCP47Langs.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcryptprimitives.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BingMaps.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BluetoothApis.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\browcli.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BrowserSettingSync.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ByteCodeGenerator.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certca.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certcli.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertEnroll.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certmgr.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certreq.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakra.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CheckNetIsolation.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cic.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Clipc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clusapi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\combase.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comdlg32.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comsvcs.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comuid.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContactApis.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreMessaging.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreUIComponents.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CPFilters.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProvDataModel.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovhost.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovs.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\crypt32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptngc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptui.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d2d1.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d10level9.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d10warp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d11.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3D12.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d9.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3DCompiler_47.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DafPrintProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\davclnt.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbgeng.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DbgModel.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dcomp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevDispItemProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\deviceassociation.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevicePairing.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore6.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc6.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DictationManager.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\directmanipulation.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Display.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DisplayManager.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dlnashext.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmdskmgr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dnsapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3ui.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvstore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dui70.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\duser.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dwmcore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWrite.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxgi.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxtrans.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapp3hst.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappcfg.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappgnui.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapphost.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappprxy.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\easwrt.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgehtml.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edputil.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\efswrt.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\esent.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\evr.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExecModelClient.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\explorer.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExplorerFrame.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdWCN.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\filemgmt.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontdrvhost.exe Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontsub.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwcfg.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FWPUCLNT.DLL Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FwRemoteSvr.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GamePanel.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gameux.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GdiPlus.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Geolocation.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GlobCollationHost.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpedit.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hevcdecoder.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hgcpl.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hmkd.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hnetcfg.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IconCodecService.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IdCtrls.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieapfltr.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iedkcs32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieframe.dll Handle ID: 0x94 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iepeers.dll Handle ID: 0x58 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieproxy.dll Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iertutil.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieui.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\inetcomm.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\inetcpl.cpl Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\input.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputLocaleManager.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputService.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallAgent.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\intl.cpl Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\JpMapControl.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jsproxy.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kerberos.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel32.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KernelBase.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicenseManager.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\licensingdiag.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LocationFramework.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockAppBroker.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockAppHost.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LogonController.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapConfiguration.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapControlCore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapsBtSvc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApiPublic.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mbsmsapi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmregistration.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MessagingDataModel2.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfasfsrcsnk.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFCaptureEngine.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfcore.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFMediaEngine.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmp4srcsnk.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfnetsrc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfplat.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfpmp.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsrcsnk.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsvr.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MiracastReceiver.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mispace.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmc.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcbase.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcndmgr.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcshext.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mos.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MosHostClient.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MosStorage.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprddm.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprdim.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mqcertui.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mqsnap.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MrmCoreR.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MrmIndexer.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSAJApi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mscms.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctf.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctfuimanager.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msfeeds.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msftedit.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MshtmlDac.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtmled.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msieftp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msobjs.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msorcl32.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mspaint.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msscntrs.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssph.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssphtb.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssrch.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstsc.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstscax.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msv1_0.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVidCtl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswsock.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MTF.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mtxoci.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptsslp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netapi32.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netcenter.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netcfgx.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netplwiz.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupApi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupEngine.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupShim.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netshell.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\newdev.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NMAA.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\notepad.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NotificationObjFactory.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NPSM.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NPSMDesktopProvider.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshwfp.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntprint.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntshrui.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\objsel.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\odbcconf.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oemlicense.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offreg.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ole32.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacchooks.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleaut32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\olepro32.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OpcServices.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhoneOm.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhotoScreensaver.scr Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Pimstore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pla.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToManager.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToReceiver.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\policymanager.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\polstore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceApi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintDialogs.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prnfldr.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prnntfy.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\propsys.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ProximityCommon.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiapi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiobj.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\qdvd.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasdlg.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasgcw.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastls.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpcore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RemoteNaturalLanguage.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\resutils.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rpcrt4.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rsaenh.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\samlib.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sbe.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SCardDlg.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schannel.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schtasks.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchFolder.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchIndexer.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchProtocolHost.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsApi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsNativeApi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsNativeApi.V2.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingMonitor.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSync.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncCore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncHost.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shacct.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShareHost.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SHCore.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shell32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shsetup.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SimAuth.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SimCfg.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SRH.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SRHInproc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srpapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srvcli.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sti.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\storagewmi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StoreAgent.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StructuredQuery.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sud.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncCenter.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncController.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncSettings.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\syncutil.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sysdm.cpl Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskcomp.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskeng.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Taskmgr.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskschd.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tbauth.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdh.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdlrecover.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextInputFramework.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\themecpl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\themeui.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBroker.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBrokerCookies.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tquery.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.appcore.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.appcore.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\udhisapi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAnimation.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAutomationCore.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIRibbon.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIRibbonRes.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\unimdm.tsp Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\updatepolicy.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnpcont.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnphost.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\urlmon.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usbceip.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\user32.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usercpl.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataTimeUtil.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserLanguagesCpl.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UXInit.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vbscript.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VEDataLayerHelpers.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VEEventDispatcher.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VoipRT.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vssapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vsstrace.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbemcomn.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WcnApi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wcnwiz.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wdc.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WebcamUi.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webcheck.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WebClnt.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webio.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webservices.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wer.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wevtutil.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wfdprov.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiaaut.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AccountsControl.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Cortana.ProxyStub.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Data.Pdf.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Midi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Picker.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Management.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Audio.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Devices.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Editing.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Import.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Speech.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Streaming.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Speech.Pal.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepository.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.storage.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.Search.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Cred.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Immersive.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Logon.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Search.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.Http.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecs.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsExt.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsRaw.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winhttp.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininet.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininetlui.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winipcfile.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winipcsecproc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winipcsecproc_ssp.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winmde.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winmsipc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winspool.drv Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wintrust.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wkscli.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WLanConn.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WlanMM.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanmsm.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlansec.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanui.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wldp.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidprov.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmdrmdev.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmdrmsdk.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMNetMgr.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmp.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMPDMC.exe Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WmpDui.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpdxm.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpeffects.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMPhoto.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmploc.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpshell.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVCORE.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wpc.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WpcWebFilter.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpdshext.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WPDShServiceObj.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnapps.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ws2_32.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSClient.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSDApi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsdchngr.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsecedit.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshbth.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAgent.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAuto.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsmprovhost.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmSvc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmWmiPl.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_fs.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_health.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSShared.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSSync.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapi.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wups.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wvc.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWAHost.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsFilt.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsPrint.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xpsrchvw.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xpsservices.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\zipfldr.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdvancedInstallers\cmiv2.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\en-US\Msmq.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\es-ES\Msmq.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BestPractices\v1.0\Models\Microsoft\Windows\MSMQ\fr-FR\Msmq.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ProvProvider.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\TransmogProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\VhdProvider.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\adtschema.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\crypt32.dll.mui Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\edgehtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\ieframe.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\mshtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\msobjs.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\powrprof.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\SRH.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\SRHInproc.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\tzres.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\wininet.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\wininetlui.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\wmploc.DLL.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\adtschema.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\crypt32.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\edgehtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\ieframe.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\mshtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\msobjs.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\powrprof.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\readingviewresources.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\SRH.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\SRHInproc.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\tzres.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\wininet.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\wininetlui.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es-ES\wmploc.DLL.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12AppFrame.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12Platform.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\adtschema.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\crypt32.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\edgehtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\ieframe.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\mshtml.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\msobjs.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\powrprof.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\readingviewresources.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\SRH.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\SRHInproc.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\tzres.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\wininet.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\wininetlui.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\wmploc.DLL.mui Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPCMLD.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjpcus.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPDAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPDCTP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPLMP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPPRED.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPTIP.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjputyc.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\applets\IMJPCAC.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\applets\imjpskey.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\applets\IMJPSKF.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrapi.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrotip.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrtip.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCCFG.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCCORE.DLL Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCTIP.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\imtcui.DLL Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\imecfm.dll Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMEFILES.DLL Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMEPADSM.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMETIP.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMJKAPI.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\MSCAND20.DLL Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\dafmigplugin.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\imjpmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\msctfmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\shmig.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WpcMigration.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Common\sapi.dll Handle ID: 0x90 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\sapi_onecore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\spsreng_onecore.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiDcPrv.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ArchiveResources.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\TestDtc.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.Activex.Interop.dll Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.PowerShell.Commands.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MSMQ\Microsoft.Msmq.Runtime.Interop.dll Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MSMQ\MSMQ.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\RunAsHelper.strings.psd1 Handle ID: 0x84 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\RunAsHelper.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\RunAsHelper.strings.psd1 Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ArchiveProvider.psd1 Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ArchiveProvider.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ArchiveProvider.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\MSFT_GroupResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\MSFT_GroupResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\MSFT_GroupResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\PackageProvider.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\PackageProvider.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\PackageProvider.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\MSFT_ProcessResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\MSFT_ProcessResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\MSFT_ProcessResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\en-US\MSFT_RegistryResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\MSFT_RegistryResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\MSFT_RegistryResource.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\MSFT_RoleResourceStrings.psd1 Handle ID: 0x38 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\MSFT_RoleResourceStrings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\fr-FR\MSFT_RoleResourceStrings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\en-US\MSFT_ServiceResource.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\MSFT_ServiceResource.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\MSFT_ServiceResource.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\MSFT_UserResource.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\MSFT_UserResource.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\MSFT_UserResource.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x4c Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\PSDSCxMachine.strings.psd1 Handle ID: 0x80 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\PSDSCxMachine.strings.psd1 Handle ID: 0x40 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-10 21:01:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\PSDSCxMachine.strings.psd1 Handle ID: 0x88 Process Information: Process ID: 0x262c Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 103 | 2016-11-10 21:01:57 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:01:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-D6Q88NA$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:01:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x190 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x19c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x190 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-10 21:02:16 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x20c New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x190 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:18 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x20c Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e4 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x190 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2ec New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x20c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f4 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2e4 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x33c New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2e4 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x370 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2ec Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x378 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2ec Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2016-11-10 21:02:21 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xcb4e
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x166c6 Linked Logon ID: 0x16714 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x16714 Linked Logon ID: 0x166c6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x33c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x166c6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x16714 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 21:02:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2995d Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 21:02:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 21:02:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:02:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2459 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:41 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:42 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:42 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:42 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:42 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-f8f2c345-d180-4212-a202-f82cb648c6ec Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\c908fb4e1133f4dd24dd4aba66484abd_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2457 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2459 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:45 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:45 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2016-11-10 21:02:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2016-11-10 21:02:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-601be063-ad11-42ca-be71-d5ecfc9e9d78 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b73f06d4b9a84c448a6c312cdb7a81f8_8b341ae7-ed15-4663-9456-de22aa499398 Operation: %%2457 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2016-11-10 21:03:46 | | Microsoft-Windows-Security-Auditing | 6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\efswrt.dll
|
| | Security | Audit Success | 13824 | 2016-11-10 21:03:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-10 21:04:26 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 21:04:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:04:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-10 21:04:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xec8 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2016-11-10 21:04:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:04:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 21:06:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:06:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-10 21:12:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-10 21:12:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 03:29:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12292 | 2016-11-11 03:35:34 | | Microsoft-Windows-Security-Auditing | 6406: McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory.
|
| | Security | Audit Success | 12544 | 2016-11-11 03:36:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 03:36:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 04:34:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 04:34:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 05:03:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 05:03:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 09:18:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 09:19:25 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:19:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x177b294 Linked Logon ID: 0x177b2ca Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:19:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x177b2ca Linked Logon ID: 0x177b294 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 09:19:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x177b294 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 09:19:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 09:19:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:19:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 09:19:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 09:19:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Failure | 12290 | 2016-11-11 09:20:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 09:20:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 09:20:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 09:20:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13826 | 2016-11-11 09:20:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1860 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1860 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1860 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 09:21:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1860 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 09:36:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 09:36:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 09:57:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x177b2ca User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1684 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12292 | 2016-11-11 09:59:05 | | Microsoft-Windows-Security-Auditing | 6407: McAfee Personal Firewall unregistered from Windows Firewall. Windows Firewall is now controlling the filtering for BootTimeRuleCategory, FirewallRuleCategory.
|
| | Security | Audit Success | 12544 | 2016-11-11 09:59:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 09:59:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2016-11-11 10:01:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2016-11-11 10:01:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2016-11-11 10:01:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2016-11-11 10:01:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 12545 | 2016-11-11 10:01:38 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x177b2ca This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 103 | 2016-11-11 10:01:40 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x17c New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x188 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x17c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-11 10:01:52 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f8 New Process Name: ??????????????-??6??c?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x17c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:55 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x22c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f8 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x280 New Process Name: ??????????????-??6??c?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x17c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x288 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f8 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x280 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d8 New Process Name: ????????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x280 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x30c New Process Name: ????????????????-??6??8?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x288 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x288 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2016-11-11 10:01:57 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xad86
|
| | Security | Audit Success | 12292 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11534 Linked Logon ID: 0x11575 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11575 Linked Logon ID: 0x11534 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11534 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11575 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28835 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x7c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:01:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x608 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:03:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:04:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:04:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:04:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfe0 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:05:54 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:05:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x68b96 Linked Logon ID: 0x68bc6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:05:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x68bc6 Linked Logon ID: 0x68b96 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:05:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x68b96 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:05:54 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:06:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:06:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:06:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12544 | 2016-11-11 10:06:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:06:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:06:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:06:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:06:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:07:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:07:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:07:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1b28 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:07:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:07:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:15:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:15:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-11 10:18:25 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x68bc6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x30c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 103 | 2016-11-11 10:18:27 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x180 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x18c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x180 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-11 10:18:38 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x180 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x230 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x200 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??0?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x180 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x200 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2dc New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x318 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:18:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x320 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x112f1 Linked Logon ID: 0x1132f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1132f Linked Logon ID: 0x112f1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x112f1 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1132f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xab0c
|
| | Security | Audit Success | 13826 | 2016-11-11 10:18:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28db8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x60 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:18:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5fc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:20:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:20:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:20:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:20:47 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8c0 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:25:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:25:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:29:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:29:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:30:00 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:30:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x131e67 Linked Logon ID: 0x131e97 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:30:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x131e97 Linked Logon ID: 0x131e67 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:30:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x131e67 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:30:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:30:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:30:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:30:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:30:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13826 | 2016-11-11 10:30:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x488 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x318 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-11 10:31:22 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x131e97 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 103 | 2016-11-11 10:31:26 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:36 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x184 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:36 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x190 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-11 10:31:36 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x228 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x200 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x200 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2dc New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x310 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:31:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x318 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12292 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x113b0 Linked Logon ID: 0x113e7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x113e7 Linked Logon ID: 0x113b0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x113b0 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x113e7 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaa75
|
| | Security | Audit Success | 13826 | 2016-11-11 10:31:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28bf6 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x16c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:31:41 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x40859 Linked Logon ID: 0x40889 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x40889 Linked Logon ID: 0x40859 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x40859 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:33:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:33:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x12cc Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:33:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:33:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:33:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:33:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13826 | 2016-11-11 10:33:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:34:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:34:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 10:36:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x40859 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x14c4 Process Name: C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:42:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:42:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-11 10:49:55 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x40889 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 103 | 2016-11-11 10:49:57 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:50:59 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x184 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-11 10:50:59 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1e4 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f0 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x22c New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x22c Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x22c Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x127a1 Linked Logon ID: 0x127ea Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x127ea Linked Logon ID: 0x127a1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x127a1 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x127ea Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2dc New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x310 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x318 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xbe90
|
| | Security | Audit Success | 13826 | 2016-11-11 10:51:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x28bbe Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x164 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:51:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 10:53:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 10:53:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 10:53:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 10:53:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x998 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 11:01:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 11:01:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 11:32:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 11:32:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 11:32:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 11:32:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 12:12:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:12:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x449019 Linked Logon ID: 0x449049 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:12:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x449049 Linked Logon ID: 0x449019 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:12:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x449019 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 12:12:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x38c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:12:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:12:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:12:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:12:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11ac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11ac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11ac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x11ac Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x310 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-11 12:18:41 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x449049 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 103 | 2016-11-11 12:18:43 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x184 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x190 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2016-11-11 12:18:54 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x204 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x230 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x204 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x288 New Process Name: ??????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x184 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x204 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x298 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x288 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e0 New Process Name: ????????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x288 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ????????????????-??6??0?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x290 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x31c New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x290 Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2016-11-11 12:18:57 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xaa5d
|
| | Security | Audit Success | 12292 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11277 Linked Logon ID: 0x11296 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11296 Linked Logon ID: 0x11277 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11277 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11296 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12292 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x27bde Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x124 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 12:18:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x628 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Linked Logon ID: 0x432ce Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Linked Logon ID: 0x4329e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 12:20:32 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2016-11-11 12:20:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1244 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:20:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:20:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:20:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-11 12:20:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 13826 | 2016-11-11 12:20:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2016-11-11 12:29:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 12:29:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-11 14:19:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-11 14:19:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-11 14:20:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 18:57:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b64 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Failure | 12290 | 2016-11-12 18:57:48 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-12 18:57:48 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-12 18:57:48 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2016-11-12 18:57:48 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B1BE79F8-70E6-4388-9731-E5B954529DA3} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12544 | 2016-11-12 18:57:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 18:57:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-R230UV9 Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x140fd0a Linked Logon ID: 0x140fd2f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x140fd2f Linked Logon ID: 0x140fd0a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-R230UV9 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x140fd2f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x140fd0a Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2016-11-12 18:58:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x140fd0a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 19:00:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:00:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-12 19:00:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:05:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xe0c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:05:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x1e38 Process Name: C:\Windows\System32\rundll32.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:10:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:13:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x398 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:13:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:14:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12544 | 2016-11-12 19:14:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:14:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:20:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x19cc Process Name: C:\Windows\System32\dllhost.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:21:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: user Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: user Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: user Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:04 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: user Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 19:22:13 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 12544 | 2016-11-12 19:23:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f3b31 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: X99WPC Source Network Address: 10.200.0.138 Source Port: 63853 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:23:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f3b31 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:23:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f3b31 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 19:24:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f6f5f Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: WIN-KOSPEOLOTBD Source Network Address: 10.200.0.122 Source Port: 50318 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:24:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f6f5f Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:24:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f6f5f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 19:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x19180f6 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: WIN-KOSPEOLOTBD Source Network Address: 10.200.0.122 Source Port: 50369 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x19180f6 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x19180f6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-12 19:30:28 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f6f5f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12544 | 2016-11-12 19:32:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:32:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 19:32:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x4b4 Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x50c Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x4c0 Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x518 Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x4b4 Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2016-11-12 19:32:50 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini Handle ID: 0x428 Process Information: Process ID: 0xc34 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AI New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2016-11-12 19:32:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:32:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2016-11-12 19:47:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:47:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-12 19:55:00 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x18f3b31 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12544 | 2016-11-12 19:58:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x217a2c6 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: WIN-KOSPEOLOTBD Source Network Address: 10.200.0.122 Source Port: 50608 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 19:58:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x217a2c6 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 19:58:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x217a2c6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2016-11-12 19:59:42 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x19180f6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Failure | 12290 | 2016-11-12 19:59:56 | | Microsoft-Windows-Security-Auditing | 6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\efswrt.dll
|
| | Security | Audit Success | 12544 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2374 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2374 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2374 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 20:05:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2374 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:42 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:42 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:08:42 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:09:50 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:09:50 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:09:50 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:10:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:12:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:59 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:59 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:13:59 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:20:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:20:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:20:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:20:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:35:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:35:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:35:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:36:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:36:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12545 | 2016-11-12 20:38:06 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x217a2c6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12544 | 2016-11-12 20:43:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 20:43:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-12 20:46:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:46:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:46:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:46:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1044 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:47:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:48:40 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:48:40 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:48:40 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:48:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:49:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:50:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:50:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:50:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:00 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:01 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:01 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:51:01 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Administrator Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: DefaultAccount Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce Additional Information: Caller Workstation: DESKTOP-R230UV9 Target Account Name: Guest Target Account Domain: DESKTOP-R230UV9
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:52:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:53:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 20:53:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12544 | 2016-11-12 21:00:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-R230UV9$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2016-11-12 21:00:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x432ce User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0xa1c Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-500 Account Name: Administrator Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-501 Account Name: Guest Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-503 Account Name: DefaultAccount Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e User: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2016-11-12 21:03:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-798682442-3160011695-3061995338-1003 Account Name: user Account Domain: DESKTOP-R230UV9 Logon ID: 0x4329e Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1b88 Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
|
| | System | Warning | 212 | 2016-11-10 20:23:20 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-10 20:23:30 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2016-11-10 20:23:31 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2016-11-10 20:25:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:26:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:26:41 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-10 20:27:52 | SYSTEM | DCOM | 10010: The server {8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2016-11-10 20:28:15 | | Service Control Manager | 7031: The Sync Host_b763b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-10 20:28:18 | SYSTEM | DCOM | 10010: The server {7006698D-2974-4091-A424-85DD0B909E23} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2016-11-10 20:29:52 | SYSTEM | DCOM | 10010: The server {8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2016-11-10 20:30:22 | SYSTEM | DCOM | 10010: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
|
| | System | Warning | None | 2016-11-10 20:33:02 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:34:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:34:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:35:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:35:08 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-10 20:38:28 | user | DCOM | 10010: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2016-11-10 20:38:34 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
|
| | System | Error | None | 2016-11-10 20:38:34 | | Service Control Manager | 7000: The McAfee Boot Delay Start Service service failed to start due to the following error: %%1053
|
| | System | Warning | None | 2016-11-10 20:38:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:38:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:38:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:46:55 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:46:55 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:50:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:50:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:52:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:52:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:52:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:52:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:52:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:53:07 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:53:10 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:53:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:54:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:55:58 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:57:23 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:57:28 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:58:06 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 20:58:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-10 20:59:22 | | Service Control Manager | 7031: The Sync Host_1d1ff0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-10 20:59:22 | | Service Control Manager | 7031: The Contact Data_1d1ff0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-10 20:59:22 | | Service Control Manager | 7031: The User Data Storage_1d1ff0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-10 20:59:22 | | Service Control Manager | 7031: The User Data Access_1d1ff0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-10 20:59:22 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2016-11-10 21:00:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:01:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:01:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:01:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:01:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | 212 | 2016-11-10 21:02:16 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Error | 100 | 2016-11-10 21:03:12 | LOCAL SERVICE | Microsoft-Windows-Eventlog | 30: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
|
| | System | Warning | None | 2016-11-10 21:06:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:06:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:14:23 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:15:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:16:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:21:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:25:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:28:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:39:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:46:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:47:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:49:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:49:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:54:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 21:58:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 22:08:54 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 22:13:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 22:20:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 22:35:32 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 22:36:06 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:04:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:20:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:36:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:37:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:43:54 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:47:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:53:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-10 23:54:21 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 00:00:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:35:42 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:36:32 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:37:22 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:37:48 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:39:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:47:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:51:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:55:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 03:59:43 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:09:22 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:16:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:18:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:20:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:39:17 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:47:58 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:59:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 04:59:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:00:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:00:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:01:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:03:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:13:07 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:16:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:23:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:41:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:47:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:48:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 05:53:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:01:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:07:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:09:30 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:14:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:20:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:25:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:25:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 06:29:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:19:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:20:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:20:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:21:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:22:32 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:24:30 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:29:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:35:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:36:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:37:32 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:41:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:46:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:47:30 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:49:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:50:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:50:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:53:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 09:57:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:00:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-11 10:01:22 | | Service Control Manager | 7031: The Sync Host_177cf65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-11 10:01:22 | | Service Control Manager | 7031: The Contact Data_177cf65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-11 10:01:22 | | Service Control Manager | 7031: The User Data Storage_177cf65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-11 10:01:22 | | Service Control Manager | 7031: The User Data Access_177cf65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Warning | None | 2016-11-11 10:01:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-11 10:01:32 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_177cf65 service to connect.
|
| | System | Error | None | 2016-11-11 10:01:32 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_177cf65 service to connect.
|
| | System | Warning | 212 | 2016-11-11 10:01:53 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-11 10:02:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:03:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:04:42 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:06:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:08:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:08:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:09:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:11:06 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:14:19 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:16:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:16:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:17:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-11 10:18:24 | | Service Control Manager | 7031: The Sync Host_69ec7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Warning | None | 2016-11-11 10:18:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | 212 | 2016-11-11 10:18:38 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-11 10:24:43 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:24:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:26:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:28:20 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:30:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:31:02 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:31:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:31:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | 212 | 2016-11-11 10:31:37 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-11 10:34:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:34:33 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:37:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:38:08 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:38:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:38:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:38:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:38:48 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:39:55 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:40:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:42:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:42:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:42:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:42:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:42:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:44:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:44:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:45:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:46:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:47:06 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:47:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:49:15 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-11 10:49:54 | | Service Control Manager | 7031: The Sync Host_42386 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Warning | 212 | 2016-11-11 10:50:59 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-11 10:51:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:51:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:51:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:53:07 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:56:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 10:59:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:01:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:06:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:12:48 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:23:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:28:28 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:33:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:34:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:38:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:39:07 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:40:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:47:19 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:51:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:57:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 11:59:15 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:01:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:12:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:12:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:12:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:14:07 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:16:58 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-11 12:18:29 | | Service Control Manager | 7031: The Sync Host_44ad62 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
|
| | System | Error | None | 2016-11-11 12:18:30 | user | DCOM | 10010: The server CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.
|
| | System | Error | None | 2016-11-11 12:18:39 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_44ad62 service to connect.
|
| | System | Warning | None | 2016-11-11 12:18:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | 212 | 2016-11-11 12:18:54 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
|
| | System | Warning | None | 2016-11-11 12:20:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:20:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:20:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:20:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:25:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:29:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:34:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:39:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:39:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:42:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:46:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:49:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:51:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 12:59:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:01:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:05:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:05:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:12:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:14:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:20:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:24:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:29:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:39:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:41:53 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:42:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:44:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:49:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:53:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 13:59:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:01:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:15:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:15:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:16:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:19:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:20:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:20:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:20:54 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:30:28 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:30:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:33:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:34:32 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:38:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:41:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:43:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:43:14 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:45:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:53:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 14:59:43 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:07:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:10:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:15:54 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:20:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:23:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:25:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:28:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:44:14 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:45:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 15:57:10 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:03:12 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:03:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:15:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:16:48 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:18:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:25:21 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:33:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:35:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:38:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:45:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:46:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 16:54:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:03:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:03:59 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:05:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:06:56 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:11:23 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:11:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:12:42 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:21:42 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:23:17 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:27:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:38:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:48:06 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 17:58:01 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 18:03:57 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 18:05:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 18:13:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-11 18:14:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 18:58:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Error | None | 2016-11-12 19:03:21 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
|
| | System | Error | None | 2016-11-12 19:03:21 | | Service Control Manager | 7000: The Steam Client Service service failed to start due to the following error: %%1053
|
| | System | Warning | None | 2016-11-12 19:04:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:05:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:06:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:06:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:11:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:11:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:12:10 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:12:22 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:12:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:12:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:12:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:37:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:52:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:53:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | 1014 | 2016-11-12 19:54:25 | NETWORK SERVICE | Microsoft-Windows-DNS-Client | 1014: Name resolution for the name wpad timed out after none of the configured DNS servers responded.
|
| | System | Warning | None | 2016-11-12 19:57:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 19:58:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:11:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:12:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:12:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:13:10 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:18:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:18:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:19:55 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:20:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:47:49 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:49:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa112 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:51:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:52:50 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|
| | System | Warning | None | 2016-11-12 20:59:23 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: 4 Error Source: 4 Bus:Device:Function: 0x0:0x1c:0x3 Vendor ID:Device ID: 0x8086:0xa113 Class Code: 0x30400 The details view of this entry contains further information.
|