--------[ AIDA64 Extreme ]---------------------------------------------------------------------------------------------- Version AIDA64 v5.70.3800 Benchmark Module 4.2.671-x64 Homepage http://www.aida64.com/ Report Type Report Wizard [ TRIAL VERSION ] Computer ANIK Generator User Operating System Microsoft Windows 7 Professional 6.1.7601.23915 (Win7 RTM) Date 2018-03-25 Time 18:18 --------[ Summary ]----------------------------------------------------------------------------------------------------- Computer: Computer Type ACPI x64-based PC (Mobile) Operating System Microsoft Windows 7 Professional OS Service Pack [ TRIAL VERSION ] Internet Explorer 11.0.9600.18837 DirectX DirectX 11.1 Computer Name ANIK User Name User SMTP E-mail Address aniels.lavrenuks@gmail.com Logon Domain [ TRIAL VERSION ] Date / Time 2018-03-25 / 18:18 Motherboard: CPU Type Mobile DualCore Intel Core i5-2410M, 2700 MHz (27 x 100) Motherboard Name Lenovo ThinkPad T420 Motherboard Chipset Intel Cougar Point QM67, Intel Sandy Bridge System Memory [ TRIAL VERSION ] DIMM1: Micron 16KTF51264HZ-1G4M1 4 GB DDR3-1333 DDR3 SDRAM (10-9-9-24 @ 666 MHz) (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) DIMM2: Samsung M471B5273CH0-CH9 [ TRIAL VERSION ] BIOS Type Phoenix (01/21/2016) Display: Video Adapter Intel(R) HD Graphics 3000 (2108 MB) Video Adapter Intel(R) HD Graphics 3000 (2108 MB) 3D Accelerator Intel HD Graphics 3000 Monitor Lenovo LP140WH2-TLM2 [14" LCD] Multimedia: Audio Adapter Conexant Cx20590 @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] Audio Adapter Intel Cougar Point HDMI @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] Storage: IDE Controller Intel(R) Mobile Express Chipset SATA AHCI Controller Disk Drive Crucial_CT525MX300SSD1 (489 GB, IDE) Optical Drive DTSOFT Virtual CdRom Device Optical Drive HL-DT-ST DVDRAM GT33N SMART Hard Disks Status OK Partitions: C: (NTFS) [ TRIAL VERSION ] D: (NTFS) 387.1 GB (109.5 GB free) Total Size [ TRIAL VERSION ] Input: Keyboard Standard PS/2 Keyboard Keyboard Wireless Keyboard Filter Device Mouse HID-compliant mouse Mouse HID-compliant mouse Mouse ThinkPad UltraNav Pointing Device Network: Primary IP Address [ TRIAL VERSION ] Primary MAC Address 08-11-96-80-CF-A4 Network Adapter Bluetooth Device (Personal Area Network) #2 Network Adapter Intel(R) 82579LM Gigabit Network Connection Network Adapter Intel(R) Centrino(R) Advanced-N 6205 (10.1 [ TRIAL VERSION ]) Network Adapter Microsoft Virtual WiFi Miniport Adapter #2 Network Adapter Microsoft Virtual WiFi Miniport Adapter Peripherals: Printer \\192.168.0.5\Canon iR2520 PCL6 Printer \\192.168.0.5\Canon MF4320-4350 Printer Brother DCP-1610W series Printer Canon iP110 series Printer Fax Printer Foxit PhantomPDF Printer Printer Microsoft XPS Document Writer Printer Print to Evernote Printer Send To OneNote 2010 USB2 Controller Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] USB2 Controller Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] USB Device Generic USB Hub USB Device Generic USB Hub USB Device Integrated Smart Card Reader USB Device Microsoft Hardware USB Keyboard USB Device Microsoft Hardware USB Mouse USB Device Microsoft Mouse and Keyboard Detection Driver (USB) USB Device ThinkPad Bluetooth 3.0 USB Device USB Composite Device USB Device USB Input Device USB Device USB Input Device USB Device USB Input Device Battery Microsoft AC Adapter Battery Microsoft ACPI-Compliant Control Method Battery Battery Microsoft Composite Battery DMI: DMI BIOS Vendor LENOVO DMI BIOS Version 83ET78WW (1.48 ) DMI System Manufacturer LENOVO DMI System Product 4236WC9 DMI System Version ThinkPad T420 DMI System Serial Number [ TRIAL VERSION ] DMI System UUID [ TRIAL VERSION ] DMI Motherboard Manufacturer LENOVO DMI Motherboard Product 4236WC9 DMI Motherboard Version Not Available DMI Motherboard Serial Number [ TRIAL VERSION ] DMI Chassis Manufacturer LENOVO DMI Chassis Version Not Available DMI Chassis Serial Number [ TRIAL VERSION ] DMI Chassis Asset Tag [ TRIAL VERSION ] DMI Chassis Type Notebook --------[ Computer Name ]----------------------------------------------------------------------------------------------- Computer Comment Logical NetBIOS Name Logical ANIK DNS Host Name Logical Anik DNS Domain Name Logical Fully Qualified DNS Name Logical Anik NetBIOS Name Physical ANIK DNS Host Name Physical Anik DNS Domain Name Physical Fully Qualified DNS Name Physical Anik --------[ DMI ]--------------------------------------------------------------------------------------------------------- [ BIOS ] BIOS Properties: Vendor LENOVO Version 83ET78WW (1.48 ) Release Date 01/21/2016 Size 8 MB System BIOS Version 1.48 Embedded Controller Firmware Version 1.20 Boot Devices Floppy Disk, Hard Disk, CD-ROM Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS Supported Standards DMI, ACPI, PnP Expansion Capabilities PCI, USB Virtual Machine No BIOS Manufacturer: Company Name Lenovo Product Information http://www.lenovo.com/products/us BIOS Upgrades http://www.aida64.com/bios-updates [ System ] System Properties: Manufacturer LENOVO Product 4236WC9 Version ThinkPad T420 Serial Number [ TRIAL VERSION ] Family ThinkPad T420 Universal Unique ID [ TRIAL VERSION ] Wake-Up Type Power Switch [ Motherboard ] Motherboard Properties: Manufacturer LENOVO Product 4236WC9 Version Not Available Serial Number [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Motherboard Manufacturer: Company Name Lenovo Product Information http://www.lenovo.com/products/us BIOS Download http://support.lenovo.com/en_US Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates [ Chassis ] Chassis Properties: Manufacturer LENOVO Version Not Available Serial Number [ TRIAL VERSION ] Asset Tag [ TRIAL VERSION ] Chassis Type Notebook [ Processors / Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz ] Processor Properties: Manufacturer Intel(R) Corporation Version Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Serial Number Not Supported by CPU Asset Tag None Part Number None External Clock 100 MHz Maximum Clock 2300 MHz Current Clock 2300 MHz Type Central Processor Voltage 1.2 V Status Enabled Upgrade ZIF Socket Designation CPU HTT / CMP Units 2 / 2 Capabilities 64-bit CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2410M Driver Update http://www.aida64.com/driver-updates [ Caches / L1-Cache ] Cache Properties: Type Data Status Enabled Operational Mode Write-Through Associativity 8-way Set-Associative Maximum Size 64 KB Installed Size 64 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L1-Cache [ Caches / L2-Cache ] Cache Properties: Type Data Status Enabled Operational Mode Write-Through Associativity 8-way Set-Associative Maximum Size 256 KB Installed Size 256 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L2-Cache [ Caches / L3-Cache ] Cache Properties: Type Unified Status Enabled Operational Mode Write-Back Associativity 12-way Set-Associative Maximum Size 3072 KB Installed Size 3072 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Error Correction Single-bit ECC Socket Designation L3-Cache [ Memory Arrays / System Memory ] Memory Array Properties: Location Motherboard Memory Array Function System Memory Error Correction None Max. Memory Capacity 16 GB Memory Devices 2 [ Memory Devices / ChannelA-DIMM0 ] Memory Device Properties: Form Factor SODIMM Type DDR3 Type Detail Synchronous Size 4 GB Max. Clock Speed 1333 MHz Total Width 64-bit Data Width 64-bit Device Locator ChannelA-DIMM0 Bank Locator BANK 0 Manufacturer Micron Serial Number 31408D9C Asset Tag 9876543210 Part Number 16KTF51264HZ-1G4M1 [ Memory Devices / ChannelB-DIMM0 ] Memory Device Properties: Form Factor SODIMM Type DDR3 Type Detail Synchronous Size 4 GB Max. Clock Speed 1333 MHz Total Width 64-bit Data Width 64-bit Device Locator ChannelB-DIMM0 Bank Locator BANK 2 Manufacturer Samsung Serial Number B20F7548 Asset Tag 9876543210 Part Number M471B5273CH0-CH9 [ System Slots / ExpressCard Slot ] System Slot Properties: Slot Designation ExpressCard Slot Type PCI-E Usage Empty Data Bus Width x1 [ System Slots / Media Card Slot ] System Slot Properties: Slot Designation Media Card Slot Usage Empty [ System Slots / SmartCard Slot ] System Slot Properties: Slot Designation SmartCard Slot Usage Empty [ Port Connectors / External Monitor ] Port Connector Properties: Port Type Video Port Internal Reference Designator Not Available Internal Connector Type None External Reference Designator External Monitor External Connector Type DB-15 pin female [ Port Connectors / DisplayPort ] Port Connector Properties: Port Type Video Port Internal Reference Designator Not Available Internal Connector Type None External Reference Designator DisplayPort [ Port Connectors / Headphone/Microphone Combo Jack ] Port Connector Properties: Port Type Audio Port Internal Reference Designator Not Available Internal Connector Type None External Reference Designator Headphone/Microphone Combo Jack External Connector Type Mini-jack (headphones) [ Port Connectors / Ethernet ] Port Connector Properties: Port Type Network Port Internal Reference Designator Not Available Internal Connector Type None External Reference Designator Ethernet External Connector Type RJ-45 [ Port Connectors / USB 1 ] Port Connector Properties: Port Type USB Internal Reference Designator Not Available Internal Connector Type None External Reference Designator USB 1 External Connector Type USB [ Port Connectors / USB 2 ] Port Connector Properties: Port Type USB Internal Reference Designator Not Available Internal Connector Type None External Reference Designator USB 2 External Connector Type USB [ Port Connectors / USB 3 ] Port Connector Properties: Port Type USB Internal Reference Designator Not Available Internal Connector Type None External Reference Designator USB 3 External Connector Type USB [ Port Connectors / USB/eSATA Combo ] Port Connector Properties: Internal Reference Designator Not Available Internal Connector Type None External Reference Designator USB/eSATA Combo [ Pointing Devices / Track Point ] Device Properties: Device Type Track Point Interface PS/2 Buttons 3 [ Pointing Devices / Touch Pad ] Device Properties: Device Type Touch Pad Interface PS/2 Buttons 2 [ On-Board Devices / IBM Embedded Security hardware ] On-Board Device Properties: Description IBM Embedded Security hardware Status Disabled [ Batteries / 42T4883 ] Battery Properties: Device Name 42T4883 Manufacturer SANYO Manufacture Date 14.06.2011 Serial Number 24199 Location Rear Battery Type LION Designed Capacity 31680 mWh Designed Voltage 14.400 V SDDS Version 03.01 [ Intel AMT ] Intel AMT Properties: Intel AMT Not Supported IDE Redirection Disabled SOL Disabled AMT Network Interface Enabled [ Intel vPro ] Intel vPro Properties: MEBX Version 7.0.0.63 ME Firmware Version 7.1.91.3272 PCH PCI Bus / Device / Function 0 / 31 / 0 PCH PCI Device ID 8086-1C4F Wired NIC PCI Bus / Device / Function 0 / 25 / 0 Wired NIC PCI Device ID 8086-1502 AMT Supported Anti-Theft Supported, Disabled Anti-Theft PBA for Recovery Supported Anti-Theft WWAN Supported BIOS TXT Supported BIOS VT-d Supported BIOS VT-x Supported CPU VT-x Supported, Disabled CPU TXT Not Supported KVM Supported Local Wakeup Timer Supported Management Engine Enabled Small Business Advantage Not Supported Standard Manageability Not Supported --------[ Overclock ]--------------------------------------------------------------------------------------------------- CPU Properties: CPU Type Mobile DualCore Intel Core i5-2410M CPU Alias Sandy Bridge-MB CPU Stepping J1 Engineering Sample No CPUID CPU Name Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz CPUID Revision 000206A7h CPU VID 0.7755 V CPU Speed: CPU Clock 797.6 MHz (original: [ TRIAL VERSION ] MHz) CPU Multiplier 8x CPU FSB 99.7 MHz (original: 100 MHz) North Bridge Clock 797.6 MHz Memory Bus 664.6 MHz DRAM:FSB Ratio 20:3 CPU Cache: L1 Code Cache 32 KB per core L1 Data Cache [ TRIAL VERSION ] L2 Cache 256 KB per core (On-Die, ECC, Full-Speed) L3 Cache 3 MB (On-Die, ECC, Full-Speed) Motherboard Properties: Motherboard ID Motherboard Name Lenovo ThinkPad T420 Chipset Properties: Motherboard Chipset Intel Cougar Point QM67, Intel Sandy Bridge Memory Timings 9-9-9-24 (CL-RCD-RP-RAS) Command Rate (CR) [ TRIAL VERSION ] DIMM1: Micron 16KTF51264HZ-1G4M1 4 GB DDR3-1333 DDR3 SDRAM (10-9-9-24 @ 666 MHz) (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz) DIMM2: Samsung M471B5273CH0-CH9 [ TRIAL VERSION ] BIOS Properties: System BIOS Date 01/21/2016 Video BIOS Date 10/30/10 DMI BIOS Version 83ET78WW (1.48 ) Graphics Processor Properties: Video Adapter Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) GPU Code Name Sandy Bridge-MB GT2 (Integrated 8086 / 0116, Rev 09) GPU Clock 648 MHz (original: [ TRIAL VERSION ] MHz) --------[ Power Management ]-------------------------------------------------------------------------------------------- Power Management Properties: Current Power Source AC Line Battery Status 88 % (High Level) Full Battery Lifetime Unknown Remaining Battery Lifetime Unknown Battery Properties: Device Name 42T4883 Manufacturer SANYO Serial Number 24199 Unique ID 24199SANYO42T4883 Battery Type Rechargeable Li-Ion Designed Capacity 31680 mWh Fully Charged Capacity 17890 mWh Current Capacity 15770 mWh (88 %) Battery Voltage 15.716 V Wear Level 43 % Power State AC Line --------[ Sensor ]------------------------------------------------------------------------------------------------------ Sensor Properties: Sensor Type ThinkPad EC (ACPI) Temperatures: CPU 47 °C (117 °F) CPU Package 49 °C (120 °F) CPU IA Cores 48 °C (118 °F) CPU GT Cores 49 °C (120 °F) CPU #1 / Core #1 49 °C (120 °F) CPU #1 / Core #2 48 °C (118 °F) Crucial_CT525MX300SSD1 [ TRIAL VERSION ] Cooling Fans: CPU 3172 RPM Voltage Values: CPU Core 0.776 V Battery 15.716 V Power Values: CPU Package 4.88 W CPU IA Cores 1.26 W CPU GT Cores [ TRIAL VERSION ] CPU Uncore 3.49 W Battery Charge Rate AC Line --------[ CPU ]--------------------------------------------------------------------------------------------------------- CPU Properties: CPU Type Mobile DualCore Intel Core i5-2410M, 2700 MHz (27 x 100) CPU Alias Sandy Bridge-MB CPU Stepping J1 Instruction Set x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX, AES Original Clock [ TRIAL VERSION ] Min / Max CPU Multiplier 8x / 23x Engineering Sample No L1 Code Cache 32 KB per core L1 Data Cache [ TRIAL VERSION ] L2 Cache 256 KB per core (On-Die, ECC, Full-Speed) L3 Cache 3 MB (On-Die, ECC, Full-Speed) CPU Physical Info: Package Type 988 Pin rPGA Package Size 37.5 mm x 37.5 mm Transistors [ TRIAL VERSION ] million Process Technology 32 nm, CMOS, Cu, High-K + Metal Gate Die Size [ TRIAL VERSION ] mm2 Typical Power 35 W CPU Manufacturer: Company Name Intel Corporation Product Information http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2410M Driver Update http://www.aida64.com/driver-updates Multi CPU: CPU #1 Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, 2292 MHz CPU #2 Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, 2292 MHz CPU #3 Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, 2292 MHz CPU #4 Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, 2292 MHz CPU Utilization: CPU #1 / Core #1 / HTT Unit #1 0% CPU #1 / Core #1 / HTT Unit #2 0% CPU #1 / Core #2 / HTT Unit #1 0% CPU #1 / Core #2 / HTT Unit #2 0% --------[ CPUID ]------------------------------------------------------------------------------------------------------- CPUID Properties: CPUID Manufacturer GenuineIntel CPUID CPU Name Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz CPUID Revision 000206A7h IA Brand ID 00h (Unknown) Platform ID 29h / MC 10h (rPGA988B) Microcode Update Revision 29h HTT / CMP Units 2 / 2 Tjmax Temperature 100 °C (212 °F) CPU Thermal Design Power 35 W CPU IA Cores Thermal Design Current 97.5 A CPU GT Cores Thermal Design Current 32.5 A CPU Max Power Limit 56 W / 64.00 sec CPU Power Limit 1 (Long Duration) 35 W / 64.00 sec (Locked) CPU Power Limit 2 (Short Duration) 43.8 W / Unlimited Time (Locked) Max Turbo Boost Multipliers 1C: 29x, 2C: 27x Instruction Set: 64-bit x86 Extension (AMD64, Intel64) Supported AMD 3DNow! Not Supported AMD 3DNow! Professional Not Supported AMD 3DNowPrefetch Not Supported AMD Enhanced 3DNow! Not Supported AMD Extended MMX Not Supported AMD FMA4 Not Supported AMD MisAligned SSE Not Supported AMD SSE4A Not Supported AMD XOP Not Supported Cyrix Extended MMX Not Supported Enhanced REP MOVSB/STOSB Not Supported Float-16 Conversion Instructions Not Supported IA-64 Not Supported IA AES Extensions Supported IA AVX Supported, Enabled IA AVX2 Not Supported IA AVX-512 (AVX512F) Not Supported IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)Not Supported IA AVX-512 Byte and Word Instructions (AVX512BW) Not Supported IA AVX-512 Conflict Detection Instructions (AVX512CD)Not Supported IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)Not Supported IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)Not Supported IA AVX-512 Prefetch Instructions (AVX512PF) Not Supported IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)Not Supported IA AVX-512 Vector Length Extensions (AVX512VL) Not Supported IA BMI1 Not Supported IA BMI2 Not Supported IA FMA Not Supported IA MMX Supported IA SHA Extensions Not Supported IA SSE Supported IA SSE2 Supported IA SSE3 Supported IA Supplemental SSE3 Supported IA SSE4.1 Supported IA SSE4.2 Supported VIA Alternate Instruction Set Not Supported ADCX / ADOX Instruction Not Supported CLFLUSH Instruction Supported CLFLUSHOPT Instruction Not Supported CLWB Instruction Not Supported CMPXCHG8B Instruction Supported CMPXCHG16B Instruction Supported Conditional Move Instruction Supported INVPCID Instruction Not Supported LAHF / SAHF Instruction Supported LZCNT Instruction Not Supported MONITOR / MWAIT Instruction Supported MONITORX / MWAITX Instruction Not Supported MOVBE Instruction Not Supported PCLMULQDQ Instruction Supported PCOMMIT Instruction Not Supported POPCNT Instruction Supported PREFETCHWT1 Instruction Not Supported RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE InstructionNot Supported RDRAND Instruction Not Supported RDSEED Instruction Not Supported RDTSCP Instruction Supported SKINIT / STGI Instruction Not Supported SYSCALL / SYSRET Instruction Not Supported SYSENTER / SYSEXIT Instruction Supported Trailing Bit Manipulation Instructions Not Supported VIA FEMMS Instruction Not Supported Security Features: Advanced Cryptography Engine (ACE) Not Supported Advanced Cryptography Engine 2 (ACE2) Not Supported Data Execution Prevention (DEP, NX, EDB) Supported Hardware Random Number Generator (RNG) Not Supported Hardware Random Number Generator 2 (RNG2) Not Supported Memory Protection Extensions (MPX) Not Supported PadLock Hash Engine (PHE) Not Supported PadLock Hash Engine 2 (PHE2) Not Supported PadLock Montgomery Multiplier (PMM) Not Supported PadLock Montgomery Multiplier 2 (PMM2) Not Supported Processor Serial Number (PSN) Not Supported Protection Keys for User-Mode Pages (PKU) Not Supported Safer Mode Extensions (SMX) Not Supported Software Guard Extensions (SGX) Not Supported Supervisor Mode Access Prevention (SMAP) Not Supported Supervisor Mode Execution Protection (SMEP) Not Supported Power Management Features: Application Power Management (APM) Not Supported Automatic Clock Control Supported Configurable TDP (cTDP) Not Supported Core C6 State (CC6) Not Supported Digital Thermometer Supported Dynamic FSB Frequency Switching Not Supported Enhanced Halt State (C1E) Supported, Enabled Enhanced SpeedStep Technology (EIST, ESS) Supported, Enabled Frequency ID Control Not Supported Hardware P-State Control Not Supported Hardware Thermal Control (HTC) Not Supported LongRun Not Supported LongRun Table Interface Not Supported Overstress Not Supported Package C6 State (PC6) Not Supported Parallax Not Supported PowerSaver 1.0 Not Supported PowerSaver 2.0 Not Supported PowerSaver 3.0 Not Supported Processor Duty Cycle Control Supported Software Thermal Control Not Supported Temperature Sensing Diode Not Supported Thermal Monitor 1 Supported Thermal Monitor 2 Supported Thermal Monitor 3 Not Supported Thermal Monitoring Not Supported Thermal Trip Not Supported Voltage ID Control Not Supported Virtualization Features: Extended Page Table (EPT) Supported Hypervisor Not Present INVEPT Instruction Supported INVVPID Instruction Supported Nested Paging (NPT, RVI) Not Supported Secure Virtual Machine (SVM, Pacifica) Not Supported Virtual Machine Extensions (VMX, Vanderpool) Supported Virtual Processor ID (VPID) Supported CPUID Features: 1 GB Page Size Not Supported 36-bit Page Size Extension Supported 64-bit DS Area Supported Adaptive Overclocking Not Supported Address Region Registers (ARR) Not Supported Code and Data Prioritization Technology (CDP) Not Supported Core Performance Boost (CPB) Not Supported Core Performance Counters Not Supported CPL Qualified Debug Store Supported Data Breakpoint Extension Not Supported Debug Trace Store Supported Debugging Extension Supported Deprecated FPU CS and FPU DS Not Supported Direct Cache Access Not Supported Dynamic Acceleration Technology (IDA) Not Supported Dynamic Configurable TDP (DcTDP) Not Supported Extended APIC Register Space Not Supported Fast Save & Restore Supported Hardware Lock Elision (HLE) Not Supported Hybrid Boost Not Supported Hyper-Threading Technology (HTT) Supported, Enabled Instruction Based Sampling Not Supported Invariant Time Stamp Counter Supported L1 Context ID Not Supported L2I Performance Counters Not Supported Lightweight Profiling Not Supported Local APIC On Chip Supported Machine Check Architecture (MCA) Supported Machine Check Exception (MCE) Supported Memory Configuration Registers (MCR) Not Supported Memory Type Range Registers (MTRR) Supported Model Specific Registers (MSR) Supported NB Performance Counters Not Supported Page Attribute Table (PAT) Supported Page Global Extension Supported Page Size Extension (PSE) Supported Pending Break Event (PBE) Supported Performance Time Stamp Counter (PTSC) Not Supported Physical Address Extension (PAE) Supported Platform Quality of Service Enforcement (PQE) Not Supported Platform Quality of Service Monitoring (PQM) Not Supported Process Context Identifiers (PCID) Supported Processor Feedback Interface Not Supported Processor Trace (PT) Not Supported Restricted Transactional Memory (RTM) Not Supported Self-Snoop Supported Time Stamp Counter (TSC) Supported Turbo Boost Supported, Enabled Virtual Mode Extension Supported Watchdog Timer Not Supported x2APIC Supported, Disabled XGETBV / XSETBV OS Enabled Supported XSAVE / XRSTOR / XSETBV / XGETBV Extended States Supported XSAVEOPT Supported CPUID Registers (CPU #1): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000206A7-00100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 [SL 00] CPUID 00000004 1C004122-01C0003F-0000003F-00000000 [SL 01] CPUID 00000004 1C004143-01C0003F-000001FF-00000000 [SL 02] CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 [SL 03] CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000000 [SL 00] CPUID 0000000B 00000004-00000004-00000201-00000000 [SL 01] CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 [SL 00] CPUID 0000000D 00000001-00000000-00000000-00000000 [SL 01] CPUID 0000000D 00000100-00000240-00000000-00000000 [SL 02] CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 [ Intel(R) ] CPUID 80000003 65726F43-294D5428-2D356920-30313432 [Core(TM) i5-2410] CPUID 80000004 5043204D-20402055-30332E32-007A4847 [M CPU @ 2.30GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #2 Virtual): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000206A7-01100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 [SL 00] CPUID 00000004 1C004122-01C0003F-0000003F-00000000 [SL 01] CPUID 00000004 1C004143-01C0003F-000001FF-00000000 [SL 02] CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 [SL 03] CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000001 [SL 00] CPUID 0000000B 00000004-00000004-00000201-00000001 [SL 01] CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 [SL 00] CPUID 0000000D 00000001-00000000-00000000-00000000 [SL 01] CPUID 0000000D 00000100-00000240-00000000-00000000 [SL 02] CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 [ Intel(R) ] CPUID 80000003 65726F43-294D5428-2D356920-30313432 [Core(TM) i5-2410] CPUID 80000004 5043204D-20402055-30332E32-007A4847 [M CPU @ 2.30GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #3): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000206A7-02100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 [SL 00] CPUID 00000004 1C004122-01C0003F-0000003F-00000000 [SL 01] CPUID 00000004 1C004143-01C0003F-000001FF-00000000 [SL 02] CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 [SL 03] CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000002 [SL 00] CPUID 0000000B 00000004-00000004-00000201-00000002 [SL 01] CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 [SL 00] CPUID 0000000D 00000001-00000000-00000000-00000000 [SL 01] CPUID 0000000D 00000100-00000240-00000000-00000000 [SL 02] CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 [ Intel(R) ] CPUID 80000003 65726F43-294D5428-2D356920-30313432 [Core(TM) i5-2410] CPUID 80000004 5043204D-20402055-30332E32-007A4847 [M CPU @ 2.30GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 CPUID Registers (CPU #4 Virtual): CPUID 00000000 0000000D-756E6547-6C65746E-49656E69 [GenuineIntel] CPUID 00000001 000206A7-03100800-1FBAE3BF-BFEBFBFF CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000004 1C004121-01C0003F-0000003F-00000000 [SL 00] CPUID 00000004 1C004122-01C0003F-0000003F-00000000 [SL 01] CPUID 00000004 1C004143-01C0003F-000001FF-00000000 [SL 02] CPUID 00000004 1C03C163-02C0003F-00000FFF-00000006 [SL 03] CPUID 00000005 00000040-00000040-00000003-00021120 CPUID 00000006 00000077-00000002-00000009-00000000 CPUID 00000007 00000000-00000000-00000000-00000000 CPUID 00000008 00000000-00000000-00000000-00000000 CPUID 00000009 00000000-00000000-00000000-00000000 CPUID 0000000A 07300403-00000000-00000000-00000603 CPUID 0000000B 00000001-00000002-00000100-00000003 [SL 00] CPUID 0000000B 00000004-00000004-00000201-00000003 [SL 01] CPUID 0000000C 00000000-00000000-00000000-00000000 CPUID 0000000D 00000007-00000340-00000340-00000000 [SL 00] CPUID 0000000D 00000001-00000000-00000000-00000000 [SL 01] CPUID 0000000D 00000100-00000240-00000000-00000000 [SL 02] CPUID 80000000 80000008-00000000-00000000-00000000 CPUID 80000001 00000000-00000000-00000001-28100000 CPUID 80000002 20202020-49202020-6C65746E-20295228 [ Intel(R) ] CPUID 80000003 65726F43-294D5428-2D356920-30313432 [Core(TM) i5-2410] CPUID 80000004 5043204D-20402055-30332E32-007A4847 [M CPU @ 2.30GHz] CPUID 80000005 00000000-00000000-00000000-00000000 CPUID 80000006 00000000-00000000-01006040-00000000 CPUID 80000007 00000000-00000000-00000000-00000100 CPUID 80000008 00003024-00000000-00000000-00000000 MSR Registers: MSR 00000017 0010-0000-0000-0000 [PlatID = 4] MSR 0000001B 0000-0000-FEE0-0900 MSR 00000035 0000-0000-0002-0004 MSR 0000008B 0000-0029-0000-0000 MSR 000000CE 0000-0800-6001-1700 [eD = 0] MSR 000000E7 0000-0000-0005-3789 [S200] MSR 000000E7 0000-0000-000E-E463 MSR 000000E7 0000-0000-00F1-24EA [S200] MSR 000000E8 0000-0000-0001-55DD MSR 000000E8 0000-0000-0006-3D20 [S200] MSR 000000E8 0000-0000-001F-764C [S200] MSR 00000194 0000-0000-0001-0000 MSR 00000198 0000-18D1-0000-0800 MSR 00000198 0000-18D1-0000-0800 [S200] MSR 00000198 0000-18FA-0000-0800 [S200] MSR 00000199 0000-0000-0000-1D00 MSR 0000019A 0000-0000-0000-0000 MSR 0000019B 0000-0000-0000-0010 MSR 0000019C 0000-0000-8836-0008 [S200] MSR 0000019C 0000-0000-8837-0008 MSR 0000019C 0000-0000-8837-0008 [S200] MSR 0000019D 0000-0000-0000-0000 MSR 000001A0 0000-0000-0085-0088 MSR 000001A2 0000-0000-0364-0E00 MSR 000001A4 0000-0000-0000-0000 MSR 000001AA 0000-0000-0040-0000 MSR 000001AC < FAILED > MSR 000001AD 0000-0000-1B1B-1B1D MSR 000001B0 0000-0000-0000-0000 MSR 000001B1 0000-0000-8837-0008 MSR 000001B2 0000-0000-0000-0000 MSR 000001FC 0000-0000-0004-005F MSR 00000300 < FAILED > MSR 0000030A 0000-0000-0000-0000 MSR 0000030A 0000-0000-0000-0000 [S200] MSR 0000030A 0000-0000-0000-0000 [S200] MSR 0000030B 0000-004C-44F8-6E5F [S200] MSR 0000030B 0000-004C-5384-7B61 [S200] MSR 0000030B 0000-004C-5AC6-8E27 MSR 00000480 00DA-0400-0000-0010 MSR 00000481 0000-007F-0000-0016 MSR 00000482 FFF9-FFFE-0401-E172 MSR 00000483 007F-FFFF-0003-6DFF MSR 00000484 0000-FFFF-0000-11FF MSR 00000485 0000-0000-1004-01E5 MSR 00000486 0000-0000-8000-0021 MSR 00000487 0000-0000-FFFF-FFFF MSR 00000488 0000-0000-0000-2000 MSR 00000489 0000-0000-0006-27FF MSR 0000048A 0000-0000-0000-002A MSR 0000048B 0000-00FF-0000-0000 MSR 0000048C 0000-0F01-0611-4141 MSR 0000048D 0000-007F-0000-0016 MSR 0000048E FFF9-FFFE-0400-6172 MSR 0000048F 007F-FFFF-0003-6DFB MSR 00000490 0000-FFFF-0000-11FB MSR 00000601 0010-1494-8000-030C MSR 00000602 0010-1494-8000-0104 MSR 00000603 0000-0000-8030-3030 MSR 00000604 0000-0000-8064-6464 MSR 00000606 0000-0000-000A-1003 MSR 0000060A 0000-0000-0000-8850 MSR 0000060B 0000-0000-0000-8868 MSR 0000060C 0000-0000-0000-886D MSR 0000060D 0000-05A2-FE8F-EFD7 MSR 00000610 8000-815E-0020-8118 MSR 00000611 0000-0000-DCFE-C7C2 [S200] MSR 00000611 0000-0000-DCFF-A784 [S200] MSR 00000611 0000-0000-DD00-7F54 MSR 00000613 < FAILED > MSR 00000614 0010-01C0-00C0-0118 MSR 00000618 < FAILED > MSR 00000619 < FAILED > MSR 0000061B < FAILED > MSR 0000061C < FAILED > MSR 00000638 0000-0000-0000-0000 MSR 00000639 0000-0000-7D7B-B2DB [S200] MSR 00000639 0000-0000-7D7B-EC4B [S200] MSR 00000639 0000-0000-7D7C-2396 MSR 0000063A 0000-0000-0000-0000 MSR 0000063B < FAILED > MSR 00000640 0000-0000-0020-8118 MSR 00000641 0000-0000-96E1-A5CE [S200] MSR 00000641 0000-0000-96E1-AD7B [S200] MSR 00000641 0000-0000-96E1-B667 MSR 00000642 0000-0000-0000-0018 --------[ Motherboard ]------------------------------------------------------------------------------------------------- Motherboard Properties: Motherboard ID Motherboard Name Lenovo ThinkPad T420 Front Side Bus Properties: Bus Type BCLK Real Clock 100 MHz Effective Clock 100 MHz Memory Bus Properties: Bus Type Dual DDR3 SDRAM Bus Width 128-bit DRAM:FSB Ratio 20:3 Real Clock 667 MHz (DDR) Effective Clock 1333 MHz Bandwidth [ TRIAL VERSION ] MB/s Chipset Bus Properties: Bus Type Intel Direct Media Interface v2.0 Motherboard Manufacturer: Company Name Lenovo Product Information http://www.lenovo.com/products/us BIOS Download http://support.lenovo.com/en_US Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates --------[ Memory ]------------------------------------------------------------------------------------------------------ Physical Memory: Total [ TRIAL VERSION ] Used [ TRIAL VERSION ] Free 5167 MB Utilization [ TRIAL VERSION ] Virtual Memory: Total 16149 MB Used 2946 MB Free 13202 MB Utilization 18 % Paging File: Paging File D:\pagefile.sys Current Size 8075 MB Current / Peak Usage 197 MB / 247 MB Utilization 2 % Physical Address Extension (PAE): Supported by Operating System Yes Supported by CPU Yes Active Yes --------[ SPD ]--------------------------------------------------------------------------------------------------------- [ DIMM1: Micron 16KTF51264HZ-1G4M1 ] Memory Module Properties: Module Name Micron 16KTF51264HZ-1G4M1 Serial Number 31408D9Ch (2626502705) Manufacture Date Week 42 / 2011 Module Size 4 GB (2 ranks, 8 banks) Module Type SO-DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.35 V / 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) DRAM Manufacturer Micron Memory Timings: @ 666 MHz 10-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 380 MHz 5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW) Memory Module Features: Auto Self Refresh (ASR) Supported DLL-Off Mode Supported Extended Temperature Range Supported Extended Temperature 1X Refresh Rate Not Supported Module Thermal Sensor Not Supported On-Die Thermal Sensor Readout (ODTS) Not Supported Partial Array Self Refresh (PASR) Not Supported RZQ/6 Supported RZQ/7 Supported Memory Module Manufacturer: Company Name Micron Technology, Inc. Product Information http://www.micron.com/products/dram-modules [ DIMM2: [ TRIAL VERSION ] ] Memory Module Properties: Module Name [ TRIAL VERSION ] Serial Number B20F7548h (1215631282) Manufacture Date Week 30 / 2011 Module Size 4 GB (2 ranks, 8 banks) Module Type [ TRIAL VERSION ] Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) DRAM Manufacturer Samsung Memory Timings: @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 380 MHz 5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW) Memory Module Features: Auto Self Refresh (ASR) Not Supported DLL-Off Mode Supported Extended Temperature Range Supported Extended Temperature 1X Refresh Rate Not Supported Module Thermal Sensor Not Supported On-Die Thermal Sensor Readout (ODTS) Not Supported Partial Array Self Refresh (PASR) Not Supported RZQ/6 Supported RZQ/7 Supported Memory Module Manufacturer: Company Name Samsung Product Information http://www.samsung.com/global/business/semiconductor --------[ Chipset ]----------------------------------------------------------------------------------------------------- [ North Bridge: Intel Sandy Bridge-MB IMC ] North Bridge Properties: North Bridge Intel Sandy Bridge-MB IMC Intel Platform Huron River Supported Memory Types DDR3-1066, DDR3-1333 SDRAM Maximum Memory Amount 16 GB Revision 09 Process Technology 32 nm VT-d Not Supported Extended APIC (x2APIC) Supported Memory Controller: Type Dual Channel (128-bit) Active Mode Dual Channel (128-bit) Memory Timings: CAS Latency (CL) 9T RAS To CAS Delay (tRCD) 9T RAS Precharge (tRP) 9T RAS Active Time (tRAS) 24T Row Refresh Cycle Time (tRFC) 107T Command Rate (CR) 1T RAS To RAS Delay (tRRD) 4T Write Recovery Time (tWR) 10T Read To Read Delay (tRTR) Same Rank: 4T, Different Rank: 1T, Different DIMM: 3T Read To Write Delay (tRTW) Same Rank: 3T, Different Rank: 3T, Different DIMM: 3T Write To Read Delay (tWTR) 5T, Different Rank: 1T, Different DIMM: 1T Write To Write Delay (tWTW) Same Rank: 4T, Different Rank: 3T, Different DIMM: 3T Read To Precharge Delay (tRTP) 5T Four Activate Window Delay (tFAW) 20T Write CAS Latency (tWCL) 7T CKE Min. Pulse Width (tCKE) 4T Refresh Period (tREF) 5200T Round Trip Latency (tRTL) DIMM1: 34T, DIMM2: 32T, DIMM3: 34T, DIMM4: 32T I/O Latency (tIOL) DIMM1: 2T, DIMM2: 0T, DIMM4: 0T Burst Length (BL) 8 Error Correction: ECC Not Supported ChipKill ECC Not Supported RAID Not Supported ECC Scrubbing Not Supported Memory Slots: DRAM Slot #1 4 GB (DDR3-1333 DDR3 SDRAM) DRAM Slot #2 4 GB (DDR3-1333 DDR3 SDRAM) Integrated Graphics Controller: Graphics Controller Type Intel HD Graphics 3000 Graphics Controller Status Enabled Graphics Frame Buffer Size 64 MB Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ South Bridge: [ TRIAL VERSION ] ] South Bridge Properties: South Bridge [ TRIAL VERSION ] Intel Platform Huron River Revision / Stepping 05 / B3 Package Type 989 Pin FC-BGA Package Size 25 mm x 25 mm Process Technology 65 nm Die Size [ TRIAL VERSION ] mm2 Core Voltage 1.05 V TDP 3.9 W High Definition Audio: Codec Name Conexant Cx20590 Codec ID 14F1506Eh / 17AA21CEh Codec Revision 1000h Codec Type Audio High Definition Audio: Codec Name Intel Cougar Point HDMI Codec ID 80862805h / 80860101h Codec Revision 1000h Codec Type Audio PCI Express Controller: PCI-E 2.0 x1 port #1 Empty PCI-E 2.0 x1 port #2 In Use @ x1 (Intel Centrino Advanced-N 6205 AGN 2x2 HMC WiFi Adapter) PCI-E 2.0 x1 port #4 Empty PCI-E 2.0 x1 port #5 In Use @ x1 Chipset Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates --------[ BIOS ]-------------------------------------------------------------------------------------------------------- BIOS Properties: BIOS Type Phoenix EFI BIOS Version 83ET78WW (1.48 ) UEFI Boot No System BIOS Date 01/21/2016 Video BIOS Date 10/30/10 BIOS Manufacturer: Company Name Phoenix Technologies Ltd. Product Information http://www.phoenix.com/pages/products BIOS Upgrades http://www.aida64.com/bios-updates --------[ Processes ]--------------------------------------------------------------------------------------------------- AcDeskBandHlpr.exe C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe 32-bit 14024 KB 4 KB AcPrfMgrSvc.exe C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe 32-bit 10676 KB 4 KB AcSvc.exe C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe 32-bit 14324 KB 5 KB aida64.exe C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe 32-bit 63584 KB 55 KB ApplicationWebServer.exe C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe 32-bit 9636 KB 4 KB audiodg.exe 64-bit 17556 KB 16 KB avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe 32-bit 103 MB 165 KB avpui.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe 32-bit 2268 KB 68 KB btwdins.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 64-bit 8272 KB 3 KB CamMute.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 32-bit 5008 KB 1 KB CDeX.exe C:\Program Files (x86)\Alcatel-Lucent\CDeXservice\CDeX.exe 64-bit 29868 KB 30 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 114 MB 112 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 6888 KB 2 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 34000 KB 22 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 177 MB 130 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 34164 KB 22 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 183 MB 130 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 146 MB 131 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 6380 KB 2 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 64-bit 50104 KB 36 KB conhost.exe C:\Windows\system32\conhost.exe 64-bit 3080 KB 1 KB conhost.exe C:\Windows\system32\conhost.exe 64-bit 3244 KB 1 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 5352 KB 2 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 37092 KB 3 KB dwm.exe C:\Windows\system32\Dwm.exe 64-bit 54556 KB 47 KB EvtEng.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe 64-bit 15048 KB 6 KB explorer.exe C:\Windows\Explorer.EXE 64-bit 118 MB 85 KB GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe 32-bit 1184 KB 1 KB GoogleCrashHandler64.exe C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe 64-bit 1012 KB 1 KB hkcmd.exe C:\Windows\System32\hkcmd.exe 64-bit 7688 KB 2 KB HWiNFO64.EXE C:\Program Files\HWiNFO64\HWiNFO64.EXE 64-bit 56976 KB 36 KB ibmpmsvc.exe C:\Windows\system32\ibmpmsvc.exe 64-bit 4948 KB 1 KB ICCProxy.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 32-bit 5288 KB 1 KB igfxpers.exe C:\Windows\System32\igfxpers.exe 64-bit 10384 KB 3 KB igfxtray.exe C:\Windows\System32\igfxtray.exe 64-bit 7900 KB 3 KB ijplmsvc.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 32-bit 4572 KB 1 KB IntelCpHeciSvc.exe C:\Windows\SysWow64\IntelCpHeciSvc.exe 32-bit 5352 KB 1 KB IPROSetMonitor.exe C:\Windows\system32\IProsetMonitor.exe 64-bit 6728 KB 2 KB jhi_service.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 32-bit 4996 KB 1 KB jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 32-bit 5584 KB 2 KB lkads.exe C:\Windows\SysWOW64\lkads.exe 32-bit 8200 KB 3 KB lkcitdl.exe C:\Windows\SysWOW64\lkcitdl.exe 32-bit 8952 KB 3 KB lktsrv.exe C:\Windows\SysWOW64\lktsrv.exe 32-bit 8468 KB 4 KB LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 32-bit 5832 KB 2 KB LPlatSvc.exe C:\Windows\system32\LPlatSvc.exe 64-bit 6400 KB 2 KB LPlatSvc.exe C:\Windows\system32\LPlatSvc.exe 64-bit 5612 KB 1 KB lsass.exe C:\Windows\system32\lsass.exe 64-bit 16256 KB 7 KB LSCNotify.exe C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe 32-bit 4888 KB 1 KB lsm.exe C:\Windows\system32\lsm.exe 64-bit 4956 KB 2 KB micmute.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 32-bit 5692 KB 5 KB nidmsrv.exe C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe 32-bit 8448 KB 3 KB niLxiDiscovery.exe C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe 32-bit 6564 KB 2 KB nimdnsResponder.exe C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe 32-bit 7592 KB 2 KB PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 64-bit 20628 KB 25 KB PrintIsolationHost.exe C:\Windows\system32\PrintIsolationHost.exe 64-bit 5236 KB 1 KB PWMDBSVC.exe C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 32-bit 7512 KB 2 KB RegSrvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 64-bit 7308 KB 1 KB rundll32.exe C:\Windows\system32\rundll32.exe 64-bit 4144 KB 1 KB rundll32.exe C:\Windows\system32\rundll32.exe 64-bit 4148 KB 1 KB rundll32.exe C:\Windows\System32\rundll32.exe 64-bit 7120 KB 2 KB rundll32.exe C:\Windows\SysWOW64\rundll32.exe 32-bit 4156 KB 1 KB rundll32.exe C:\Windows\system32\rundll32.exe 64-bit 17532 KB 6 KB SCHTASK.EXE C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe 32-bit 9640 KB 3 KB services.exe C:\Windows\system32\services.exe 64-bit 10888 KB 6 KB shtctky.exe C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE 64-bit 5376 KB 1 KB smss.exe 64-bit 1280 KB 0 KB splwow64.exe C:\Windows\splwow64.exe 64-bit 5276 KB 1 KB spoolsv.exe C:\Windows\System32\spoolsv.exe 64-bit 19468 KB 12 KB STM-Downloader.exe C:\Program Files\NoxBit\STM-Downloader.exe 64-bit 6088 KB 2 KB STM-Hypervisor.exe C:\Program Files\NoxBit\STM-Hypervisor.exe 64-bit 4856 KB 1 KB STM-Service.exe C:\Program Files\NoxBit\STM-Service.exe 64-bit 3140 KB 1 KB SUService.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe 32-bit 19436 KB 12 KB SvcGuiHlpr.exe C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe 32-bit 9216 KB 3 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 22388 KB 10 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 43908 KB 27 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 8292 KB 3 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 18484 KB 16 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 12656 KB 10 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 6696 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 7124 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 5676 KB 1 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 51260 KB 54 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 5376 KB 1 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 19684 KB 19 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 10012 KB 5 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 24404 KB 13 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 11876 KB 5 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 5332 KB 1 KB SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 64-bit 8328 KB 9 KB SynTPHelper.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE 64-bit 3888 KB 1 KB SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 64-bit 5580 KB 2 KB System Idle Process 24 KB 0 KB System 64-bit 800 KB 0 KB SystemWebServer.exe C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe 32-bit 10324 KB 5 KB taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 7480 KB 2 KB taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 5836 KB 2 KB taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 6336 KB 3 KB taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 15776 KB 13 KB TeamViewer_Service.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 32-bit 16156 KB 5 KB tphkload.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 64-bit 11856 KB 9 KB TPHKSVC.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 32-bit 7392 KB 2 KB TpKnrres.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe 32-bit 3832 KB 1 KB TPKNRSVC.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 32-bit 3520 KB 1 KB tpnumlk.exe C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe 64-bit 5380 KB 1 KB tpnumlkd.exe C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe 64-bit 5108 KB 1 KB TPONSCR.exe C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE 32-bit 5180 KB 1 KB TpScrex.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE 32-bit 5532 KB 2 KB UNS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 32-bit 12112 KB 6 KB unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe 64-bit 5780 KB 1 KB wininit.exe C:\Windows\system32\wininit.exe 64-bit 4880 KB 1 KB winlogon.exe C:\Windows\system32\winlogon.exe 64-bit 7664 KB 3 KB wlanext.exe C:\Windows\system32\WLANExt.exe 64-bit 16676 KB 7 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 64-bit 9900 KB 3 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 64-bit 9396 KB 3 KB WoTLauncher.exe D:\WoT\WoTLauncher.exe 32-bit 72092 KB 42 KB WUDFHost.exe C:\Windows\System32\WUDFHost.exe 64-bit 5464 KB 1 KB ZeroConfigService.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 64-bit 15540 KB 6 KB --------[ System Drivers ]---------------------------------------------------------------------------------------------- 1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Stopped ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.23761 Kernel Driver Running agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x64 Kernel Driver Running aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Stopped amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running AppID AppID Driver appid.sys 6.1.7601.23915 Kernel Driver Stopped arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Running atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running b06bdrv Broadcom NetXtreme II VBD bxvbda.sys 4.8.2.0 Kernel Driver Stopped b57nd60a Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60a.sys 10.100.4.0 Kernel Driver Stopped Beep Beep Kernel Driver Running blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running bowser Browser Support Driver bowser.sys 6.1.7601.23567 File System Driver Running BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped BthEnum Bluetooth Enumerator Service BthEnum.sys 6.1.7600.16385 Kernel Driver Running BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped BthPan Bluetooth Device (Personal Area Network) bthpan.sys 6.1.7601.23863 Kernel Driver Running BTHPORT Bluetooth Port Driver BTHport.sys 6.1.7601.17889 Kernel Driver Stopped BTHUSB Bluetooth Radio USB Driver BTHUSB.sys 6.1.7601.17607 Kernel Driver Running btwampfl btwampfl Bluetooth filter driver btwampfl.sys 6.5.1.3620 Kernel Driver Running btwaudio Bluetooth Audio Device Service btwaudio.sys 6.5.1.2900 Kernel Driver Running btwavdt Bluetooth AVDT btwavdt.sys 6.5.1.2500 Kernel Driver Running btwl2cap Bluetooth L2CAP Service btwl2cap.sys 6.5.1.100 Kernel Driver Running btwrchid btwrchid btwrchid.sys 6.5.1.2500 Kernel Driver Running cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Stopped cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running CH341SER_A64 CH341SER_A64 CH341S64.SYS 3.30.2011.11 Kernel Driver Stopped circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped CLFS Common Log (CLFS) CLFS.sys 6.1.7601.23865 Kernel Driver Running cm_km AO Kaspersky Lab Cryptographic Module x64 (56 bit) cm_km.sys 4.1.28.0 Kernel Driver Running CmBatt Microsoft AC Adapter Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Running cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped CNG CNG cng.sys 6.1.7601.23600 Kernel Driver Running CnxtHdAudService Conexant UAA Function Driver for High Definition Audio Service CHDRT64.sys 8.32.23.5 Kernel Driver Running Compbatt Microsoft Composite Battery Driver compbatt.sys 6.1.7600.16385 Kernel Driver Running CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped CSC Offline Files Driver csc.sys 6.1.7601.17514 Kernel Driver Running dc3d MS Hardware Device Detection Driver (USB) dc3d.sys 9.9.114.0 Kernel Driver Running DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.23542 File System Driver Running dg_ssudbus SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) ssudbus.sys 2.12.5.0 Kernel Driver Stopped discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running Disk Disk Driver disk.sys 6.1.7601.19133 Kernel Driver Running dmvsc dmvsc dmvsc.sys 6.1.7601.17514 Kernel Driver Stopped drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7601.19091 Kernel Driver Stopped dtsoftbus01 DAEMON Tools Virtual Bus Driver dtsoftbus01.sys 4.49.1.352 Kernel Driver Running DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.23809 Kernel Driver Running DzHDD64 DzHDD64 DzHDD64.sys 1.1.3.0 Kernel Driver Running e1cexpress Intel(R) PRO/1000 PCI Express Network Connection Driver C e1c62x64.sys 12.15.30.0 Kernel Driver Running ebdrv Broadcom NetXtreme II 10 GigE VBD evbda.sys 4.8.13.0 Kernel Driver Stopped elxstor elxstor elxstor.sys 7.2.10.211 Kernel Driver Stopped ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped exfat exFAT File System Driver File System Driver Stopped fastfat FAT12/16/32 File System Driver File System Driver Stopped fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Stopped FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Stopped FltMgr FltMgr fltmgr.sys 6.1.7601.17514 File System Driver Running FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped FTDIBUS USB Serial Converter Driver ftdibus.sys 2.12.18.5 Kernel Driver Stopped FTSER2K USB Serial Port Driver ftser2k.sys 2.12.18.5 Kernel Driver Stopped fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.18062 Kernel Driver Running gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Stopped HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Running HpSAMD HpSAMD HpSAMD.sys 6.12.6.64 Kernel Driver Stopped HTTP HTTP HTTP.sys 6.1.7601.23843 Kernel Driver Running HWiNFO32 HWiNFO32/64 Kernel Driver HWiNFO64A.SYS 8.98.0.0 Kernel Driver Running hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Running iANSMiniport Intel(R) Advanced Network Services Virtual Adapter iansw60e.sys 9.8.53.0 Kernel Driver Stopped IANSPROTOCOL Intel(R) Advanced Network Services Protocol iansw60e.sys 9.8.53.0 Kernel Driver Stopped iaStor Intel AHCI Controller iaStor.sys 11.2.0.1006 Kernel Driver Running iaStorV Intel RAID Controller Windows 7 iaStorV.sys 8.6.2.1014 Kernel Driver Running IBMPMDRV IBMPMDRV ibmpmdrv.sys 1.67.13.12 Kernel Driver Running igfx igfx igdkmd64.sys 9.17.10.4229 Kernel Driver Running iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped intaud_WaveExtensible Intel WiDi Audio Device intelaud.sys 3.1.27.0 Kernel Driver Stopped IntcDAud Intel(R) Display Audio IntcDAud.sys 6.14.0.3097 Kernel Driver Running intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Running intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Running IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7601.17514 Kernel Driver Stopped IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.18386 Kernel Driver Stopped iwdbus IWD Bus Enumerator iwdbus.sys 3.1.27.0 Kernel Driver Running kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Running kl1 kl1 kl1.sys 6.8.0.67 Kernel Driver Running klbackupdisk Kaspersky Lab klbackupdisk klbackupdisk.sys 14.0.0.9 Kernel Driver Running klbackupflt Kaspersky Lab klbackupflt klbackupflt.sys 14.0.0.23 File System Driver Running kldisk kldisk kldisk.sys 12.0.0.1 Kernel Driver Running klflt Kaspersky Lab Kernel DLL klflt.sys 13.0.56.0 Kernel Driver Running KLHK Kaspersky Lab service driver klhk.sys 13.0.136.60 Kernel Driver Running KLIF Kaspersky Lab Driver klif.sys 13.0.349.0 File System Driver Running KLIM6 Kaspersky Anti-Virus NDIS 6 Filter klim6.sys 14.0.0.16 Kernel Driver Running klkbdflt Kaspersky Lab KLKBDFLT klkbdflt.sys 13.0.0.8 Kernel Driver Running klmouflt Kaspersky Lab KLMOUFLT klmouflt.sys 13.0.0.5 Kernel Driver Running klpd Kaspersky Lab format recognizer driver klpd.sys 13.0.0.9 File System Driver Running kltdi kltdi kltdi.sys 13.0.0.12 Kernel Driver Running Klwtp KLwtp - WFP callout traffic inspector klwtp.sys 13.0.0.37 Kernel Driver Running kneps kneps kneps.sys 13.0.0.40 Kernel Driver Running KSecDD KSecDD ksecdd.sys 6.1.7601.23915 Kernel Driver Running KSecPkg KSecPkg ksecpkg.sys 6.1.7601.23915 Kernel Driver Running ksthunk Kernel Streaming Thunks ksthunk.sys 6.1.7600.16385 Kernel Driver Running lenovo.smi Lenovo System Interface Driver smiifx64.sys 6.0.5456.5 Kernel Driver Running LenovoRd LenovoRd LenovoRd.sys 4.1.0.1 Kernel Driver Running lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped luafv UAC File Virtualization luafv.sys 6.1.7601.23930 File System Driver Running megasas megasas megasas.sys 4.5.1.64 Kernel Driver Stopped MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped MEIx64 Intel(R) Management Engine Interface HECIx64.sys 7.1.70.1198 Kernel Driver Running Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Running mountmgr Mount Point Manager mountmgr.sys 6.1.7601.23803 Kernel Driver Running mpio mpio mpio.sys 6.1.7601.17514 Kernel Driver Stopped mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Stopped MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.23542 File System Driver Stopped mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.23915 File System Driver Running mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.23915 File System Driver Running mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.23915 File System Driver Running msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Running msdsm msdsm msdsm.sys 6.1.7601.17514 Kernel Driver Stopped Msfs Msfs File System Driver Running mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped MsRPC MsRPC Kernel Driver Stopped mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped Mup Mup mup.sys 6.1.7601.18711 File System Driver Running NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7601.23915 Kernel Driver Running NDIS NDIS System Driver ndis.sys 6.1.7601.19030 Kernel Driver Running NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Running NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running NDProxy NDIS Proxy Kernel Driver Running NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running NetBT NetBT netbt.sys 6.1.7601.23889 Kernel Driver Running NETwNs64 ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit NETwsw00.sys 15.13.0.1 Kernel Driver Running nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped niorbk niorbk niorbkl.sys 1.10.0.49152 Kernel Driver Stopped nipalfwedl nipalfwedl nipalfwedl.sys 2.2305.3.0 Kernel Driver Stopped NIPALK NIPALK nipalk.sys 2.2305.3.0 Kernel Driver Running nipalusbedl nipalusbedl nipalusbedl.sys 2.2305.3.0 Kernel Driver Stopped nipbcfk National Instruments Class Upper Filter Driver nipbcfk.sys 1.1.1.49152 Kernel Driver Running Npfs Npfs File System Driver Running nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7601.23889 Kernel Driver Running Ntfs Ntfs File System Driver Running Null Null Kernel Driver Running nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Stopped nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Stopped partmgr Partition Manager partmgr.sys 6.1.7601.17796 Kernel Driver Running pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running PEAUTH PEAUTH peauth.sys 6.1.7601.23471 Kernel Driver Running pmxdrv pmxdrv pmxdrv.sys Kernel Driver Stopped PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7601.17514 Kernel Driver Running Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped Psched QoS Packet Scheduler pacer.sys 6.1.7601.17514 Kernel Driver Running ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7601.17514 Kernel Driver Running RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.23930 File System Driver Running rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Running RDPCDD RDPCDD RDPCDD.sys 6.1.7600.16385 Kernel Driver Running RDPDR Terminal Server Device Redirector Driver rdpdr.sys 6.1.7601.17514 Kernel Driver Stopped RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running RdpVideoMiniport Remote Desktop Video Miniport Driver rdpvideominiport.sys 6.2.9200.16398 Kernel Driver Stopped RDPWD RDP Winstation Driver Kernel Driver Stopped rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running RFCOMM Bluetooth Device (RFCOMM Protocol TDI) rfcomm.sys 6.1.7600.16385 Kernel Driver Running risdxc risdxc risdxc64.sys 6.10.10.32 Kernel Driver Running RMCAST Reliable Multicast Protocol RMCAST.sys 6.1.7601.19055 Kernel Driver Running rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running RTL8167 Realtek 8167 NT Driver Rt64win7.sys 7.53.216.2012 Kernel Driver Stopped s3cap s3cap vms3cap.sys 6.1.7601.17514 Kernel Driver Stopped sbp2port sbp2port sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Running secdrv Security Driver Kernel Driver Stopped ser2at ATEN USB to Serial port driver ser2at64.sys 3.3.7.131 Kernel Driver Stopped Ser2pl Prolific Serial port driver ser2pl64.sys 3.3.2.102 Kernel Driver Stopped Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Stopped Serial Serial serial.sys 6.1.7600.16385 Kernel Driver Stopped sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped silabenm Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver silabenm.sys 1.1.0.0 Kernel Driver Stopped silabser Silicon Labs CP210x USB to UART Bridge Driver silabser.sys 6.7.0.0 Kernel Driver Stopped SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped SmbDrvI SmbDrvI Smb_driver_Intel.sys 16.2.19.14 Kernel Driver Running spldr Security Processor Loader Driver Kernel Driver Running srv Server SMB 1.xxx Driver srv.sys 6.1.7601.23913 File System Driver Running srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.23913 File System Driver Running srvnet srvnet srvnet.sys 6.1.7601.23913 File System Driver Running ssudmdm SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) ssudmdm.sys 2.12.5.0 Kernel Driver Stopped stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped StillCam Still Serial Digital Camera Driver serscan.sys 6.1.7600.16385 Kernel Driver Stopped storflt Disk Virtual Machine Bus Acceleration Filter Driver vmstorfl.sys 6.1.7601.17514 Kernel Driver Running storvsc storvsc storvsc.sys 6.1.7601.17514 Kernel Driver Stopped swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running SynTP Synaptics TouchPad Driver SynTP.sys 16.2.19.14 Kernel Driver Running Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.23821 Kernel Driver Running TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.23821 Kernel Driver Stopped tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.23496 Kernel Driver Running TDPIPE TDPIPE tdpipe.sys 6.1.7600.16385 Kernel Driver Stopped TDTCP TDTCP tdtcp.sys 6.1.7601.17779 Kernel Driver Stopped tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.23880 Kernel Driver Running TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running TPM TPM tpm.sys 6.1.7601.19146 Kernel Driver Running TPPWRIF TPPWRIF Tppwr64v.sys 1.0.0.0 Kernel Driver Running tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.23892 Kernel Driver Stopped TsUsbFlt TsUsbFlt tsusbflt.sys 6.3.9600.16415 Kernel Driver Stopped TsUsbGD Remote Desktop Generic USB Device TsUsbGD.sys 6.2.9200.16398 Kernel Driver Stopped tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped usb_rndisx USB RNDIS Adapter usb8023x.sys 6.1.7601.18076 Kernel Driver Stopped usb3Hub UoIP Hub usb3Hub.sys 1.0.47.16801 Kernel Driver Running usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.23933 Kernel Driver Running usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7601.18208 Kernel Driver Stopped usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.23933 Kernel Driver Running usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.23933 Kernel Driver Running usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7601.23933 Kernel Driver Stopped usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped usbscan USB Scanner Driver usbscan.sys 6.1.7601.18199 Kernel Driver Stopped USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.19144 Kernel Driver Stopped usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7601.23933 Kernel Driver Stopped usbvideo USB Video Device (WDM) usbvideo.sys 6.1.7601.18208 Kernel Driver Stopped vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped vmbus vmbus vmbus.sys 6.1.7601.17514 Kernel Driver Stopped VMBusHID VMBusHID VMBusHID.sys 6.1.7601.17514 Kernel Driver Stopped volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7601.23864 Kernel Driver Running volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Running vwififlt Virtual WiFi Filter Driver vwififlt.sys 6.1.7600.16385 Kernel Driver Running vwifimp Microsoft Virtual WiFi Miniport Service vwifimp.sys 6.1.7600.16385 Kernel Driver Running WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.11.9200.16648 Kernel Driver Running WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped WinUsb Sony sa0113 ADB Interface WinUSB.sys 6.1.7601.17514 Kernel Driver Stopped WirelessKeyboardFilter Wireless Keyboard Filter Device Service WirelessKeyboardFilter.sys 1.0.103.0 Kernel Driver Running wmdfilter Wetelecom USB Composite Device Filter Driver wmdusbfilter.sys 1.0.1.9 Kernel Driver Stopped wmdusbser Wetelecom USB Device for Legacy Serial Communication wmdusbser.sys 2.1.1.0 Kernel Driver Stopped wmdusbwwan Wetelecom USB-NDIS WWAN miniport wmdusbwwan.sys 4.0.2.2 Kernel Driver Stopped WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Running ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped WSDPrintDevice WSD Print Support via UMB WSDPrint.sys 6.1.7600.16385 Kernel Driver Stopped WSDScan WSD Scan Support via UMB WSDScan.sys 6.1.7600.16385 Kernel Driver Stopped WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.2.9200.16384 Kernel Driver Running WUDFRd WUDFRd WUDFRd.sys 6.2.9200.16384 Kernel Driver Running --------[ Services ]---------------------------------------------------------------------------------------------------- AcPrfMgrSvc AcPrfMgrSvc AcPrfMgrSvc.exe 6.2.6.85 Own Process Running LocalSystem AcSvc AcSvc AcSvc.exe 6.2.6.85 Own Process Running LocalSystem AdobeFlashPlayerUpdateSvc Adobe Flash Player Update Service FlashPlayerUpdateService.exe 29.0.0.113 Own Process Stopped LocalSystem AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AppMgmt Application Management svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem aspnet_state ASP.NET State Service aspnet_state.exe 4.7.2053.0 Own Process Stopped NT AUTHORITY\NetworkService AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AudioSrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService AVP18.0.0 Kaspersky Anti-Virus Service 18.0.0 avp.exe 18.0.0.405 Own Process Running LocalSystem AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem BrYNSvc BrYNSvc BrYNSvc.exe 1.5.2.0 Own Process Stopped LocalSystem bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService btwdins Bluetooth Service btwdins.exe 6.5.1.4500 Own Process Running LocalSystem CDeX CDeX, ALU Data Connection CDeX.exe 1.8.5541.24456 Own Process Running LocalSystem CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Running LocalSystem clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.5483 Own Process Stopped LocalSystem clr_optimization_v2.0.50727_64 Microsoft .NET Framework NGEN v2.0.50727_X64 mscorsvw.exe 2.0.50727.5483 Own Process Stopped LocalSystem clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86 mscorsvw.exe 4.7.2053.0 Own Process Stopped LocalSystem clr_optimization_v4.0.30319_64 Microsoft .NET Framework NGEN v4.0.30319_X64 mscorsvw.exe 4.7.2053.0 Own Process Stopped LocalSystem COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem cphs Intel(R) Content Protection HECI Service IntelCpHeciSvc.exe 9.0.0.1340 Own Process Running LocalSystem CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService CscService Offline Files svchost.exe 6.1.7600.16385 Share Process Running LocalSystem DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService DiagTrack Diagnostics Tracking Service svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem DozeSvc Lenovo Doze Mode Service DZSVC64.EXE 1.1.4.0 Own Process Stopped LocalSystem DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Running localSystem EFS Encrypting File System (EFS) lsass.exe 6.1.7601.23915 Share Process Running LocalSystem ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EvtEng Intel(R) PROSet/Wireless Event Log EvtEng.exe 17.13.11.0 Own Process Running LocalSystem Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.5011 Own Process Running NT Authority\LocalService gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Own Process Running LocalSystem gupdate Pakalpojums Google atjauninâjums (gupdate) GoogleUpdate.exe 1.3.28.13 Own Process Stopped LocalSystem gupdatem Pakalpojums Google atjauninâjums (gupdatem) GoogleUpdate.exe 1.3.28.13 Own Process Stopped LocalSystem hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Running LocalSystem hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService IBMPMSVC Lenovo PM Service ibmpmsvc.exe 1.67.13.12 Own Process Running LocalSystem ICCS Intel(R) Integrated Clock Controller Service - Intel(R) ICCS ICCProxy.exe 1.0.0.1 Own Process Running LocalSystem idsvc Windows CardSpace infocard.exe 3.0.4506.5464 Share Process Stopped LocalSystem IEEtwCollectorService Internet Explorer ETW Collector Service IEEtwCollector.exe 11.0.9600.18838 Own Process Stopped LocalSystem IJPLMSVC Canon Inkjet Printer/Scanner/Fax Extended Survey Program IJPLMSVC.EXE 4.2.0.0 Own Process Running LocalSystem IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Intel(R) PROSet Monitoring Service Intel(R) PROSet Monitoring Service IProsetMonitor.exe 20.2.3000.0 Own Process Running LocalSystem IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Running LocalSystem iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem jhi_service Intel(R) Identity Protection Technology Host Interface Service jhi_service.exe 1.2.32.0 Own Process Running LocalSystem KeyIso CNG Key Isolation lsass.exe 6.1.7601.23915 Share Process Running LocalSystem klvssbridge64_18.0.0 klvssbridge64_18.0.0 vssbridge64.exe 18.0.0.495 Own Process Stopped LocalSystem KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService LENOVO.CAMMUTE Lenovo Camera Mute CAMMUTE.exe 2.11.0.0 Own Process Running LocalSystem LENOVO.MICMUTE Lenovo Microphone Mute MICMUTE.exe 1.3.2.0 Own Process Running LocalSystem LENOVO.TPKNRSVC Lenovo Keyboard Noise Reduction TPKNRSVC.exe 2.11.0.0 Own Process Running LocalSystem LkCitadelServer Lookout Citadel Server lkcitdl.exe 4.5.2.0 Own Process Running LocalSystem lkClassAds National Instruments PSP Server Locator lkads.exe 5.2.0.49152 Own Process Running LocalSystem lkTimeSync National Instruments Time Synchronization lktsrv.exe 5.2.0.49152 Own Process Running LocalSystem lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService LMS Intel(R) Management and Security Application Local Management Service LMS.exe 7.1.80.1213 Own Process Running LocalSystem LPlatSvc Lenovo Platform Service LPlatSvc.exe 1.67.13.12 Own Process Running LocalSystem LSC.Services.SystemService Lenovo Solution Center System Service LSC.Services.SystemService.exe 3.3.3.35 Own Process Stopped LocalSystem Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem msiserver Windows Installer msiexec.exe 5.0.7601.23593 Own Process Stopped LocalSystem MyWiFiDHCPDNS Wireless PAN DHCP Server PanDhcpDns.exe 17.13.11.0 Own Process Stopped LocalSystem napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Netlogon Netlogon lsass.exe 6.1.7601.23915 Share Process Stopped LocalSystem Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem NetMsmqActivator Net.Msmq Listener Adapter SMSvcHost.exe 4.7.2053.0 Share Process Stopped NT AUTHORITY\NetworkService NetPipeActivator Net.Pipe Listener Adapter SMSvcHost.exe 4.7.2053.0 Share Process Stopped NT AUTHORITY\LocalService netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService NetTcpActivator Net.Tcp Listener Adapter SMSvcHost.exe 4.7.2053.0 Share Process Stopped NT AUTHORITY\LocalService NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 4.7.2053.0 Share Process Stopped NT AUTHORITY\LocalService NIApplicationWebServer NI Application Web Server ApplicationWebServer.exe 12.0.0.49152 Own Process Running LocalSystem NIApplicationWebServer64 NI Application Web Server (64-bit) ApplicationWebServer.exe 12.0.0.49152 Own Process Stopped LocalSystem NIDomainService National Instruments Domain Service nidmsrv.exe 5.2.0.49152 Own Process Running LocalSystem niLXIDiscovery NI LXI Discovery Service niLxiDiscovery.exe 5.2.0.49152 Own Process Running LocalSystem nimDNSResponder NI mDNS Responder Service nimdnsResponder.exe 214.3.1.49156 Own Process Running LocalSystem niSvcLoc NI System Web Server SystemWebServer.exe 12.0.0.49152 Own Process Running LocalSystem NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService NoxBitService NoxBit Service STM-Service.exe 0.1.0.0 Own Process Running LocalSystem nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService ose Office Source Engine OSE.EXE 14.0.7189.5000 Own Process Stopped LocalSystem osppsvc Office Software Protection Platform OSPPSVC.EXE 14.0.370.400 Own Process Stopped NT AUTHORITY\NetworkService p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PeerDistSvc BranchCache svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService PerfHost Performance Counter DLL Host perfhost.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService Power Manager DBC Service Power Manager Service PWMDBSVC.EXE 1.0.0.1 Own Process Running LocalSystem Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProtectedStorage Protected Storage lsass.exe 6.1.7601.23915 Share Process Stopped LocalSystem QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RegSrvc Intel(R) PROSet/Wireless Registry Service RegSrvc.exe 17.13.11.0 Own Process Running LocalSystem RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService SamSs Security Accounts Manager lsass.exe 6.1.7601.23915 Share Process Running LocalSystem SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Running localSystem seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SkypeUpdate Skype Updater Updater.exe 7.0.0.441 Own Process Stopped LocalSystem SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService Spooler Print Spooler spoolsv.exe 6.1.7601.17777 Own Process Running LocalSystem sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService stisvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Running NT Authority\LocalService StorSvc Storage Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SUService System Update SUService.exe 5.7.0.59 Own Process Running LocalSystem swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService TeamViewer TeamViewer 12 TeamViewer_Service.exe 12.1.5967.0 Own Process Running LocalSystem TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TPHKLOAD Lenovo Hotkey Client Loader TPHKLOAD.exe 1.4.3.0 Own Process Running LocalSystem TPHKSVC On Screen Display TPHKSVC.exe 2.3.2.0 Own Process Running LocalSystem TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem UmRdpService Remote Desktop Services UserMode Port Redirector svchost.exe 6.1.7600.16385 Share Process Stopped localSystem UNS Intel(R) Management and Security Application User Notification Service UNS.exe 7.1.80.1213 Own Process Running LocalSystem upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem VaultSvc Credential Manager lsass.exe 6.1.7601.23915 Share Process Stopped LocalSystem vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WatAdminSvc Windows Activation Technologies Service WatAdminSvc.exe 7.1.7600.16395 Own Process Stopped LocalSystem wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wlidsvc Windows Live ID Sign-in Assistant WLIDSVC.EXE 7.250.4311.0 Own Process Stopped LocalSystem wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe Own Process Stopped NT AUTHORITY\NetworkService WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WSearch Windows Search SearchIndexer.exe 7.0.7601.23930 Own Process Stopped LocalSystem wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService ZeroConfigService Intel(R) PROSet/Wireless Zero Configuration Service ZeroConfigService.exe 17.13.11.0 Own Process Running LocalSystem --------[ DLL Files ]--------------------------------------------------------------------------------------------------- accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources acledit.dll 6.1.7600.16385 Access Control List Editor aclui.dll 6.1.7600.16385 Security Descriptor Editor acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library actioncenter.dll 6.1.7601.17514 Action Center actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel activeds.dll 6.1.7601.17514 ADs Router Layer DLL actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library admtmpl.dll 6.1.7601.17514 Administrative Templates Extension adprovider.dll 6.1.7601.18409 adprovider DLL adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL adsmsext.dll 6.1.7601.23545 ADs LDAP Provider DLL adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL adtschema.dll 6.1.7601.23915 Security Audit Schema DLL advapi32.dll 6.1.7601.23915 Advanced Windows 32 Base API advpack.dll 8.0.7600.16385 ADVPACK aecache.dll 6.1.7600.16385 AECache Sysprep Plugin aeevts.dll 6.1.7600.16385 Application Experience Event Resources alttab.dll 6.1.7600.16385 Windows Shell Alt Tab amstream.dll 6.6.7601.17514 DirectShow Runtime. amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module apilogen.dll 6.1.7600.16385 API Tracing Log Engine api-ms-win-core-console-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-datetime-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-debug-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-delayload-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-fibers-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-file-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-file-l1-2-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-file-l2-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-handle-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-heap-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-interlocked-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-io-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-localization-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-localization-l1-2-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-localregistry-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-memory-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-misc-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-processthreads-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-processthreads-l1-1-1.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-profile-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-string-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-synch-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-synch-l1-2-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-threadpool-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-timezone-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-core-util-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-xstate-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-core-xstate-l2-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-conio-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-convert-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-environment-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-filesystem-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-heap-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-locale-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-math-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-multibyte-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-private-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-process-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-runtime-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-stdio-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-string-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-time-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-crt-utility-l1-1-0.dll 10.0.10586.1171 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-ole32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shell32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-security-base-l1-1-0.dll 6.1.7601.23915 ApiSet Stub DLL api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL apisetschema.dll 6.1.7601.23915 ApiSet Schema DLL apos.dll 1.0.3.40 Latvian (Apostrofs v0.3; komats) Keyboard Layout apphelp.dll 6.1.7601.19050 Application Compatibility Client Library apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module appidapi.dll 6.1.7601.23915 Application Identity APIs Dll appidpolicyengineapi.dll 6.1.7600.16385 AppId Policy Engine API Module appmgmts.dll 6.1.7600.16385 Software installation Service appmgr.dll 6.1.7601.17514 Software Installation Snapin Extenstion apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library asferror.dll 12.0.7600.16385 ASF Error Definitions aspnet_counters.dll 4.7.2053.0 Microsoft ASP.NET Performance Counter Shim DLL asycfilt.dll 6.1.7601.23713 atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode) atl100.dll 10.0.40219.325 ATL Module for Windows atl110.dll 11.0.50727.1 ATL Module for Windows atmfd.dll 5.1.2.252 Windows NT OpenType/Type 1 Font Driver atmlib.dll 5.1.2.252 Windows NT OpenType/Type 1 API Library. audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension audioeng.dll 6.1.7601.23471 Audio Engine audiokse.dll 6.1.7601.23471 Audio Ks Endpoint audioses.dll 6.1.7601.23471 Audio Session auditnativesnapin.dll 6.1.7600.16385 Audit Policy Group Policy Editor Extension auditpolicygpinterop.dll 6.1.7600.16385 Audit Policy GP Module auditpolmsg.dll 6.1.7600.16385 Audit Policy MMC SnapIn Messages authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn authfwwizfwk.dll 6.1.7600.16385 Wizard Framework authui.dll 6.1.7601.23593 Windows Authentication UI authz.dll 6.1.7600.16385 Authorization Framework autoplay.dll 6.1.7601.17514 AutoPlay Control Panel auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel avicap32.dll 6.1.7600.16385 AVI Capture window class avifil32.dll 6.1.7601.17514 Microsoft AVI File support library avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime azroles.dll 6.1.7601.17514 azroles Module azroleui.dll 6.1.7601.17514 Authorization Manager azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL bcrypt.dll 6.1.7601.23915 Windows Cryptographic Primitives Library (Wow64) bcryptprimitives.dll 6.1.7601.23451 Windows Cryptographic Primitives Library bidispl.dll 6.1.7600.16385 Bidispl DLL biocredprov.dll 6.1.7600.16385 WinBio Credential Provider bitsperf.dll 7.5.7601.17514 Perfmon Counter Access bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy blackbox.dll 11.0.7601.23471 BlackBox DLL bootvid.dll 6.1.7600.16385 VGA Boot Driver brdctf2.dll 1.0.0.2 Brother Device Check Tool brdctf2l.dll 1.0.0.0 Brother Device Check Tool L brdctf2s.dll 1.0.12.12 Brother Device Check Tool S brlm03a.dll 1.0.6.4 brlm03a brlmw03a.dll 1.0.0.182 Wraper DLL for brlm03a(NT/2K/XP) / brif03a(9x) brosnmp.dll 1.0.2.0 BrMuSNMP browcli.dll 6.1.7601.17887 Browser Service Client DLL browseui.dll 6.1.7601.17514 Shell Browser UI Library brtcpcon.dll btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface bwcontexthandler.dll 1.0.0.1 ContextH Application bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension capiprovider.dll 6.1.7601.18409 capiprovider DLL capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub catsrvut.dll 2001.12.8531.19062 COM+ Configuration Catalog Server Utilities cca.dll 6.6.7601.17514 CCA DirectShow Filter. cdosys.dll 6.6.7601.23789 Microsoft CDO for Windows Library certcli.dll 6.1.7601.23915 Microsoft® Active Directory Certificate Services Client certcredprovider.dll 6.1.7600.16385 Cert Credential Provider certenc.dll 6.1.7601.18151 Active Directory Certificate Services Encoding certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI certmgr.dll 6.1.7601.17514 Certificates snap-in certpoleng.dll 6.1.7601.17514 Certificate Policy Engine cewmdm.dll 12.0.7601.18872 Windows CE WMDM Service Provider cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface cfgmgr32.dll 6.1.7601.17621 Configuration Manager DLL ch341pt.dll 1.0.2005.7 DLL for CH341 port, by W.ch chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME cic.dll 6.1.7601.23892 CIC - MMC controls for Taskpad clb.dll 6.1.7600.16385 Column List Box clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog clfsw32.dll 6.1.7601.18777 Common Log Marshalling Win32 DLL cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL clusapi.dll 6.1.7601.17514 Cluster API Library cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib cncenpm6.dll 1.0.6.0 Canon MF Series Network 64bit PM Server Module cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library cngprovider.dll 6.1.7601.18409 cngprovider DLL cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL colbact.dll 2001.12.8530.16385 COM+ colorcnv.dll 6.1.7601.19091 Windows Media Color Conversion colorui.dll 6.1.7600.16385 Microsoft Color Control Panel comcat.dll 6.1.7601.23889 Microsoft Component Category Manager Library comctl32.dll 5.82.7601.18837 User Experience Controls Library comdlg32.dll 6.1.7601.17514 Common Dialogs DLL compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL comrepl.dll 2001.12.8530.16385 COM+ comres.dll 2001.12.8530.16385 COM+ Resources comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin comsvcs.dll 2001.12.8531.19062 COM+ Services comuid.dll 2001.12.8530.16385 COM+ Explorer UI connect.dll 6.1.7600.16385 Get Connected Wizards console.dll 6.1.7600.16385 Control Panel Console Applet cpfilters.dll 6.6.7601.19135 PTFilter & Encypter/Decrypter Tagger Filters. credssp.dll 6.1.7601.23915 Credential Delegation Security Package credui.dll 6.1.7601.18276 Credential Manager User Interface crtdll.dll 4.0.1183.1 Microsoft C Runtime Library crypt32.dll 6.1.7601.23769 Crypto API32 cryptbase.dll 6.1.7601.23915 Base cryptographic API DLL cryptdlg.dll 6.1.7601.18150 Microsoft Common Certificate Dialogs cryptdll.dll 6.1.7600.16385 Cryptography Manager cryptext.dll 6.1.7600.16385 Crypto Shell Extensions cryptnet.dll 6.1.7601.23769 Crypto Network Related API cryptsp.dll 6.1.7601.23471 Cryptographic Service Provider API cryptsvc.dll 6.1.7601.23769 Cryptographic Services cryptui.dll 6.1.7601.23471 Microsoft Trust UI Provider cryptxml.dll 6.1.7600.16385 XML DigSig API cscapi.dll 6.1.7601.17514 Offline Files Win32 API cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim cscobj.dll 6.1.7601.17514 In-proc COM object used by clients of CSC API csver.dll 9.3.0.1021 CSVer ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls d2d1.dll 6.2.9200.16765 Microsoft D2D Library d3d10.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10_1.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10_1core.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10core.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10level9.dll 6.2.9200.21830 Direct3D 10 to Direct3D9 Translation Runtime d3d10warp.dll 6.2.9200.17033 Direct3D 10 Rasterizer d3d11.dll 6.2.9200.16570 Direct3D 11 Runtime d3d8.dll 6.1.7600.16385 Microsoft Direct3D d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime d3dcompiler_33.dll 9.18.904.15 Microsoft Direct3D d3dcompiler_34.dll 9.19.949.46 Microsoft Direct3D d3dcompiler_35.dll 9.19.949.1104 Microsoft Direct3D d3dcompiler_36.dll 9.19.949.2111 Microsoft Direct3D d3dcompiler_37.dll 9.22.949.2248 Microsoft Direct3D d3dcompiler_38.dll 9.23.949.2378 Microsoft Direct3D d3dcompiler_39.dll 9.24.949.2307 Microsoft Direct3D d3dcompiler_40.dll 9.24.950.2656 Direct3D HLSL Compiler d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler d3dcompiler_42.dll 9.27.952.3022 Direct3D HLSL Compiler d3dcompiler_43.dll 9.29.952.3111 Direct3D HLSL Compiler d3dcompiler_47.dll 6.3.9600.18611 Direct3D HLSL Compiler for Redistribution d3dcsx_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dcsx_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dim.dll 6.1.7600.16385 Microsoft Direct3D d3dim700.dll 6.1.7600.16385 Microsoft Direct3D d3dramp.dll 6.1.7600.16385 Microsoft Direct3D d3dx10.dll 9.16.843.0 Microsoft Direct3D d3dx10_33.dll 9.18.904.21 Microsoft Direct3D d3dx10_34.dll 9.19.949.46 Microsoft Direct3D d3dx10_35.dll 9.19.949.1104 Microsoft Direct3D d3dx10_36.dll 9.19.949.2009 Microsoft Direct3D d3dx10_37.dll 9.19.949.2187 Microsoft Direct3D d3dx10_38.dll 9.23.949.2378 Microsoft Direct3D d3dx10_39.dll 9.24.949.2307 Microsoft Direct3D d3dx10_40.dll 9.24.950.2656 Direct3D 10.1 Extensions d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions d3dx10_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx11_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dx11_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx9_24.dll 9.5.132.0 Microsoft® DirectX for Windows® d3dx9_25.dll 9.6.168.0 Microsoft® DirectX for Windows® d3dx9_26.dll 9.7.239.0 Microsoft® DirectX for Windows® d3dx9_27.dll 9.8.299.0 Microsoft® DirectX for Windows® d3dx9_28.dll 9.10.455.0 Microsoft® DirectX for Windows® d3dx9_29.dll 9.11.519.0 Microsoft® DirectX for Windows® d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows® d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows® d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows® d3dx9_33.dll 9.18.904.15 Microsoft® DirectX for Windows® d3dx9_34.dll 9.19.949.46 Microsoft® DirectX for Windows® d3dx9_35.dll 9.19.949.1104 Microsoft® DirectX for Windows® d3dx9_36.dll 9.19.949.2111 Microsoft® DirectX for Windows® d3dx9_37.dll 9.22.949.2248 Microsoft® DirectX for Windows® d3dx9_38.dll 9.23.949.2378 Microsoft® DirectX for Windows® d3dx9_39.dll 9.24.949.2307 Microsoft® DirectX for Windows® d3dx9_40.dll 9.24.950.2656 Direct3D 9 Extensions d3dx9_41.dll 9.26.952.2844 Direct3D 9 Extensions d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions d3dx9_43.dll 9.29.952.3111 Direct3D 9 Extensions d3dxof.dll 6.1.7600.16385 DirectX Files DLL dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows davclnt.dll 6.1.7601.23542 Web DAV Client DLL davhlpr.dll 6.1.7600.16385 DAV Helper DLL dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine dbghelp.dll 6.1.7601.17514 Windows Image Helper dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients dciman32.dll 6.1.7601.23930 DCI Manager ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy ddores.dll 6.1.7600.16385 Device Category information and resources ddraw.dll 6.1.7600.16385 Microsoft DirectDraw ddrawex.dll 6.1.7600.16385 Direct Draw Ex defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel deskadp.dll 6.1.7600.16385 Advanced display adapter properties deskmon.dll 6.1.7600.16385 Advanced display monitor properties deskperf.dll 6.1.7600.16385 Advanced display performance properties devenum.dll 6.6.7601.19091 Device enumeration. devicecenter.dll 6.1.7601.17514 Device Center devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin devobj.dll 6.1.7601.17621 Device Information Set DLL devrtl.dll 6.1.7601.17621 Device Management Run Time Library dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL dfshim.dll 4.0.41210.0 ClickOnce Application Deployment Support Library dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll dhcpcore.dll 6.1.7601.17514 DHCP Client Service dhcpcore6.dll 6.1.7601.17970 DHCPv6 Client dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service dhcpcsvc6.dll 6.1.7601.17970 DHCPv6 Client dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module dimsjob.dll 6.1.7600.16385 DIMS Job DLL dimsroam.dll 6.1.7601.18409 Key Roaming DIMS Provider DLL dinput.dll 6.1.7600.16385 Microsoft DirectInput dinput8.dll 6.1.7600.16385 Microsoft DirectInput directdb.dll 6.1.7600.16385 Microsoft Direct Database API diskcopy.dll 6.1.7600.16385 Windows DiskCopy dispex.dll 5.8.7600.16385 Microsoft ® DispEx display.dll 6.1.7601.22061 Display Control Panel dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader dmocx.dll 6.1.7600.16385 TreeView OCX dmrc.dll 6.1.7600.16385 Windows MRC dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library dnsapi.dll 6.1.7601.17570 DNS Client API DLL dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL docprop.dll 6.1.7600.16385 OLE DocFile Property Page dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper dot3dlg.dll 6.1.7600.16385 802.3 UI Helper dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in dot3hc.dll 6.1.7600.16385 Dot3 Helper Class dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module dot3ui.dll 6.1.7601.17514 802.3 Advanced UI dpapiprovider.dll 6.1.7601.18409 dpapiprovider DLL dplayx.dll 6.1.7600.16385 Microsoft DirectPlay dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP dpnet.dll 6.1.7601.17989 Microsoft DirectPlay dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander drmmgrtn.dll 11.0.7601.23471 DRM Migration DLL drmv2clt.dll 11.0.7601.23471 DRMv2 Client DLL drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider drt.dll 6.1.7600.16385 Distributed Routing Table drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider drvstore.dll 6.1.7601.17514 Driver Store API ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk dsauth.dll 6.1.7601.17514 DS Authorization for Services dsdmo.dll 6.1.7600.16385 DirectSound Effects dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector) dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL dsound.dll 6.1.7600.16385 DirectSound dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages dsquery.dll 6.1.7600.16385 Directory Service Find dsrole.dll 6.1.7600.16385 DS Role Client DLL dssec.dll 6.1.7600.16385 Directory Service Security UI dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider dsuiext.dll 6.1.7601.17514 Directory Service Common UI dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave dtsh.dll 6.1.7600.16385 Detection and Sharing Status API dui70.dll 6.1.7600.16385 Windows DirectUI Engine duser.dll 6.1.7600.16385 Windows DirectUser Engine dwmapi.dll 6.1.7601.18917 Microsoft Desktop Window Manager API dwmcore.dll 6.1.7601.18917 Microsoft DWM Core Library dwrite.dll 6.2.9200.22164 Microsoft DirectX Typography Services dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool dxgi.dll 6.2.9200.16492 DirectX Graphics Infrastructure dxmasf.dll 12.0.7601.23930 Microsoft Windows Media Component Removal File. dxptaskringtone.dll 6.1.7601.23864 Microsoft Ringtone Editor dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync. dxtmsft.dll 11.0.9600.18838 DirectX Media -- Image DirectX Transforms dxtrans.dll 11.0.9600.18838 DirectX Media -- DirectX Transform Core dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher eappcfg.dll 6.1.7600.16385 Eap Peer Config eappgnui.dll 6.1.7601.17514 EAP Generic UI eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client efsadu.dll 6.1.7600.16385 File Encryption Utility efscore.dll 6.1.7601.17514 EFS Core Library efsutil.dll 6.1.7600.16385 EFS Utility Library ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL els.dll 6.1.7601.19054 Event Viewer Snapin elscore.dll 6.1.7600.16385 Els Core Platform DLL elshyph.dll 6.3.9600.16428 ELS Hyphenation Service elslad.dll 6.1.7600.16385 ELS Language Detection elstrans.dll 6.1.7601.17514 ELS Transliteration Service encapi.dll 6.1.7600.16385 Encoder API encdec.dll 6.6.7601.19135 XDSCodec & Encypter/Decrypter Tagger Filters. eqossnap.dll 6.1.7600.16385 EQoS Snapin extension es.dll 2001.12.8530.16385 COM+ esent.dll 6.1.7601.17577 Extensible Storage Engine for Microsoft(R) Windows(R) esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R) eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class evr.dll 6.1.7601.23471 Enhanced Video Renderer DLL explorerframe.dll 6.1.7601.23893 ExplorerFrame expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension fdpnp.dll 6.1.7600.16385 Pnp Provider Dll fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces ff_vfw.dll 1.3.4532.0 ffdshow VFW filemgmt.dll 6.1.7600.16385 Services and Shared Folders findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component firewallapi.dll 6.1.7600.16385 Windows Firewall API firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel fltlib.dll 6.1.7600.16385 Filter Library fm20.dll 14.0.7153.5001 Microsoft® Forms DLL fm20enu.dll 14.0.4747.1000 Microsoft® Forms International DLL fmifs.dll 6.1.7600.16385 FM IFS Utility DLL fms.dll 1.1.6000.16384 Font Management Services fontext.dll 6.1.7601.17514 Windows Font Folder fontsub.dll 6.1.7601.23930 Font Subsetting DLL fphc.dll 6.1.7601.17514 Filtering Platform Helper Class framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework ftd2xx.dll 3.2.12.0 FTD2XX Dynamic Link Library fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module ftlx0411.dll 4.0.0.4550 Microsoft(R) Japanese Word Breaker ftlx041e.dll 50.1.7600.16386 Thai Wordbreaker ftsrch.dll 4.0.0.4553 Microsoft® Full-Text Search fundisc.dll 6.1.7600.16385 Function Discovery Dll fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper fwpuclnt.dll 6.1.7601.18283 FWP/IPsec User-Mode API fwremotesvr.dll 6.1.7601.23452 Windows Firewall Remote APIs Server fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider gameux.dll 6.1.7601.18020 Games Explorer gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets gdi32.dll 6.1.7601.23914 GDI Client DLL getuname.dll 6.1.7600.16385 Unicode name Dll for UCE glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL gpapi.dll 6.1.7601.23452 Group Policy Client API gpedit.dll 6.1.7601.23932 GPEdit gpprefcl.dll 6.1.7601.23452 Group Policy Preference Client gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension gpscript.dll 6.1.7601.23452 Script Client Side Extension gptext.dll 6.1.7600.16385 GPTExt hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc hcproviders.dll 6.1.7600.16385 Action Center Providers helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help hid.dll 6.1.7600.16385 Hid User Library hidserv.dll 6.1.7600.16385 HID Service hlink.dll 6.1.7601.23601 Microsoft Office 2000 component hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs huffyuv.dll 2.1.1.1 Huffyuv lossless video codec ias.dll 6.1.7600.16385 Network Policy Server iasacct.dll 6.1.7601.17514 NPS Accounting Provider iasads.dll 6.1.7600.16385 NPS Active Directory Data Store iasdatastore.dll 6.1.7600.16385 NPS Datastore server iashlpr.dll 6.1.7600.16385 NPS Surrogate Component iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL iasnap.dll 6.1.7600.16385 NPS NAP Provider iaspolcy.dll 6.1.7600.16385 NPS Pipeline iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access iassam.dll 6.1.7600.16385 NPS NT SAM Provider iassdo.dll 6.1.7600.16385 NPS SDO Component iassvcs.dll 6.1.7600.16385 NPS Services Component icardie.dll 11.0.9600.16428 Microsoft Information Card IE Helper icardres.dll 3.0.4506.5464 Windows CardSpace iccvid.dll 1.10.0.13 Cinepak® Codec icm32.dll 6.1.7601.23677 Microsoft Color Management Module (CMM) icmp.dll 6.1.7600.16385 ICMP DLL icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon icsigd.dll 6.1.7600.16385 Internet Gateway Device properties idndl.dll 6.1.7600.16385 Downlevel DLL idstore.dll 6.1.7600.16385 Identity Store ieadvpack.dll 11.0.9600.16428 ADVPACK ieapfltr.dll 11.0.9600.18838 Microsoft SmartScreen Filter iedkcs32.dll 18.0.9600.18838 IEAK branding ieetwproxystub.dll 11.0.9600.18838 IE ETW Collector Proxy Stub Resources ieframe.dll 11.0.9600.18838 Internet Browser iepeers.dll 11.0.9600.16428 Internet Explorer Peer Objects iernonce.dll 11.0.9600.18838 Extended RunOnce processing with UI iertutil.dll 11.0.9600.18838 Run time utility for Internet Explorer iesetup.dll 11.0.9600.18838 IOD Version Map iesysprep.dll 11.0.9600.16428 IE Sysprep Provider ieui.dll 11.0.9600.18838 Internet Explorer UI Engine ifmon.dll 6.1.7600.16385 IF Monitor DLL ifsutil.dll 6.1.7601.17514 IFS Utility DLL ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL ig4icd32.dll 9.17.10.4229 OpenGL(R) Driver for Intel(R) Graphics Accelerator ig7icd32.dll 9.17.10.4229 OpenGL(R) Driver for Intel(R) Graphics Accelerator igd10umd32.dll 9.17.10.4229 LDDM User Mode Driver for Intel(R) Graphics Technology igdbcl32.dll 9.17.10.4229 OpenCL User Mode Driver for Intel(R) Graphics Technology igdde32.dll igdfcl32.dll 8.1.0.4229 OpenCL Driver for Intel(R) Graphics Technology igdrcl32.dll 9.17.10.4229 OpenCL User Mode Driver for Intel(R) Graphics Technology igdumd32.dll 9.17.10.4229 LDDM User Mode Driver for Intel(R) Graphics Technology igfx11cmrt32.dll 2.4.0.1020 CM Runtime Dynamic Link Library (DX11) igfxcmjit32.dll 2.4.0.1020 CM JIT Dynamic Link Library igfxcmrt32.dll 2.4.0.1020 CM Runtime Dynamic Link Library igfxdv32.dll 8.15.10.4229 igfxdev Module igfxexps32.dll 8.15.10.4229 igfxext Module iglhcp32.dll 3.0.1.15 iglhcp32 Dynamic Link Library iglhsip32.dll 3.0.0.12 iglhsip32 Dynamic Link Library imagehlp.dll 6.1.7601.18288 Windows NT Image Helper imageres.dll 6.1.7600.16385 Windows Image Resource imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource imapi.dll 6.1.7600.16385 Image Mastering API imapi2.dll 6.1.7601.17514 Image Mastering API v2 imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2 imgutil.dll 11.0.9600.16428 IE plugin image decoder support DLL imjp10k.dll 10.1.7601.23572 Microsoft IME imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL inetcomm.dll 6.1.7601.23651 Microsoft Internet Messaging API Resources inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent inetres.dll 6.1.7601.23651 Microsoft Internet Messaging API Resources infocardapi.dll 3.0.4506.5461 Microsoft InfoCards inked.dll 6.1.7601.23375 Microsoft Tablet PC InkEdit Control input.dll 6.1.7601.23572 InputSetting DLL inseng.dll 11.0.9600.18838 Install engine intel_opencl_icd32.dll 1.2.1.0 OpenCL Client DLL intelopencl32.dll 1.1.0.1003 Intel(R) OpenCL(TM) Runtime iologmsg.dll 6.1.7601.18386 IO Logging DLL ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll iphlpapi.dll 6.1.7601.17514 IP Helper API iprop.dll 6.1.7600.16385 OLE PropertySet Implementation iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL iprtrmgr.dll 6.1.7601.17514 IP Router Manager ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10 ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor irclass.dll 6.1.7600.16385 Infrared Class Coinstaller iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api iscsied.dll 6.1.7600.16385 iSCSI Extension DLL iscsium.dll 6.1.7601.17514 iSCSI Discovery api iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library itvdata.dll 6.6.7601.17514 iTV Data Filters. iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec javascriptcollectionagent.dll 11.0.9600.18838 JavaScript Performance Collection Agent jscript.dll 5.8.9600.18838 Microsoft ® JScript jscript9.dll 11.0.9600.18838 Microsoft ® JScript jscript9diag.dll 11.0.9600.18838 Microsoft ® JScript Diagnostics jsintl.dll 6.3.9600.16428 Windows Globalization jsproxy.dll 11.0.9600.18838 JScript Proxy Auto-Configuration kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101 kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A) kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B) kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C) kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103 kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout kbdal.dll 6.1.7600.16385 Albania Keyboard Layout kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2 kbdaze.dll 6.1.7601.19106 Azerbaijan_Cyrillic Keyboard Layout kbdazel.dll 6.1.7601.19106 Azeri-Latin Keyboard Layout kbdbash.dll 6.1.7601.18528 Bashkir Keyboard Layout kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout kbdda.dll 6.1.7600.16385 Danish Keyboard Layout kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout kbdfo.dll 6.1.7600.16385 F¿roese Keyboard Layout kbdfr.dll 6.1.7600.16385 French Keyboard Layout kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout kbdgeoqw.dll 6.1.7601.19106 Georgian (QWERTY) Keyboard Layout kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout kbdgr.dll 6.1.7600.16385 German Keyboard Layout kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003 kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout kbdir.dll 6.1.7600.16385 Irish Keyboard Layout kbdit.dll 6.1.7600.16385 Italian Keyboard Layout kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800) kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95) kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX) kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout kbdru.dll 6.1.7601.18528 Russian Keyboard Layout kbdru1.dll 6.1.7601.18528 Russia(Typewriter) Keyboard Layout kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout kbdtat.dll 6.1.7601.18528 Tatar (Legacy) Keyboard Layout kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout kbdus.dll 6.1.7601.17514 United States Keyboard Layout kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout kbdyak.dll 6.1.7601.18528 Sakha - Russia Keyboard Layout kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout kerberos.dll 6.1.7601.23915 Kerberos Security Package kernel32.dll 6.1.7601.23915 Windows NT BASE API Client DLL kernelbase.dll 6.1.7601.23915 Windows NT BASE API Client DLL keyiso.dll 6.1.7600.16385 CNG Key Isolation Service keymgr.dll 6.1.7600.16385 Stored User Names and Passwords korwbrkr.dll 6.1.7600.16385 korwbrkr ksuser.dll 6.1.7601.19091 User CSA Library ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL l2gpstore.dll 6.1.7600.16385 Policy Storage dll l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes lagarith.dll 1.3.27.0 Lagarith laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy licmgr10.dll 11.0.9600.16428 Microsoft® License Manager DLL linkinfo.dll 6.1.7600.16385 Windows Volume Tracking livessp.dll 7.250.4311.0 LiveSSP lkbrow.dll 5.2.0.49152 lkbrow lkdynam.dll 5.2.0.49152 lkdynam lkhist.dll 4.5.2.0 Part of Logos lkmgrtn.dll 4.5.2.0 Part of Logos lkobenv.dll 5.2.0.49152 lkobenv lkproc.dll 5.2.0.49152 lkproc lkrealt.dll 5.2.0.49152 lkrealt lksec.dll 5.2.0.49152 lksec lksock.dll 5.2.0.49152 lksock lkstime.dll 5.2.0.49152 lkstime loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin locationapi.dll 6.1.7600.16385 Microsoft Windows Location API loghours.dll 6.1.7600.16385 Schedule Dialog logoncli.dll 6.1.7601.17514 Net Logon Client DLL lpk.dll 6.1.7601.23930 Language Pack lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll luainstall.dll 6.1.7601.17514 Lua manifest install lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL magnification.dll 6.1.7600.16385 Microsoft Magnification API mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer mciwave.dll 6.1.7600.16385 MCI driver for waveform audio mctres.dll 6.1.7600.16385 MCT resource DLL mdminst.dll 6.1.7600.16385 Modem Class Installer mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler mf.dll 12.0.7601.23896 Media Foundation DLL mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder mfc100.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc100chs.dll 10.0.40219.325 MFC Language Specific Resources mfc100cht.dll 10.0.40219.325 MFC Language Specific Resources mfc100deu.dll 10.0.40219.325 MFC Language Specific Resources mfc100enu.dll 10.0.40219.325 MFC Language Specific Resources mfc100esn.dll 10.0.40219.325 MFC Language Specific Resources mfc100fra.dll 10.0.40219.325 MFC Language Specific Resources mfc100ita.dll 10.0.40219.325 MFC Language Specific Resources mfc100jpn.dll 10.0.40219.325 MFC Language Specific Resources mfc100kor.dll 10.0.40219.325 MFC Language Specific Resources mfc100rus.dll 10.0.40219.325 MFC Language Specific Resources mfc100u.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc110.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc110u.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfcm100.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm100u.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm110.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcm110u.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcsubs.dll 2001.12.8530.16385 COM+ mfds.dll 12.0.7601.19145 Media Foundation Direct Show wrapper DLL mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder mferror.dll 12.0.7601.23896 Media Foundation Error DLL mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder mfmjpegdec.dll 6.1.7601.23709 Media Foundation MJPEG Decoder mfplat.dll 12.0.7601.23471 Media Foundation Platform DLL mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL mfps.dll 12.0.7601.23896 Media Foundation Proxy DLL mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL mfvdsp.dll 6.1.7601.19091 Windows Media Foundation Video DSP Components mfwmaaec.dll 6.1.7601.19091 Windows Media Audio AEC for Media Foundation mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP) midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper migisol.dll 6.1.7601.17514 Migration System Isolation Layer miguiresource.dll 6.1.7600.16385 MIG wini32 resources mimefilt.dll 2008.0.7601.17514 MIME Filter mlang.dll 6.1.7600.16385 Multi Language Support DLL mmcbase.dll 6.1.7601.23892 MMC Base DLL mmci.dll 6.1.7600.16385 Media class installer mmcico.dll 6.1.7600.16385 Media class co-installer mmcndmgr.dll 6.1.7601.23892 MMC Node Manager DLL mmcshext.dll 6.1.7601.23892 MMC Shell Extension DLL mmdevapi.dll 6.1.7601.17514 MMDevice API mmres.dll 6.1.7600.16385 General Audio Resources modemui.dll 6.1.7600.16385 Windows Modem Properties moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library mp3dmod.dll 6.1.7601.19091 Microsoft MP3 Decoder DMO mp43decd.dll 6.1.7601.19091 Windows Media MPEG-4 Video Decoder mp4sdecd.dll 6.1.7601.19091 Windows Media MPEG-4 S Video Decoder mpg4decd.dll 6.1.7601.19091 Windows Media MPEG-4 Video Decoder mpr.dll 6.1.7600.16385 Multiple Provider Router DLL mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor mprdim.dll 6.1.7600.16385 Dynamic Interface Manager mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL msaatext.dll 2.0.10413.0 Active Accessibility text support msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter msadce.dll 6.1.7601.17514 OLE DB Cursor Engine msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources msadcf.dll 6.1.7601.23789 Remote Data Services Data Factory msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources msadco.dll 6.1.7601.17857 Remote Data Services Data Control msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources msadcs.dll 6.1.7601.23789 Remote Data Services ISAPI Library msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources msado15.dll 6.1.7601.23789 ActiveX Data Objects msadomd.dll 6.1.7601.17857 ActiveX Data Objects (Multi-Dimensional) msador15.dll 6.1.7601.17857 Microsoft ActiveX Data Objects Recordset msadox.dll 6.1.7601.17857 ActiveX Data Objects Extensions msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs msaudite.dll 6.1.7601.23915 Security Audit Events DLL mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver mscms.dll 6.1.7601.23677 Microsoft Color Matching System DLL mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine mscorier.dll 2.0.50727.5483 Microsoft .NET Runtime IE resources mscories.dll 2.0.50727.5483 Microsoft .NET IE SECURITY REGISTRATION mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator msctf.dll 6.1.7601.23915 MSCTF Server DLL msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL msctfp.dll 6.1.7600.16385 MSCTFP Server DLL msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub msdadiag.dll 6.1.7600.16385 Built-In Diagnostics msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub msdaora.dll 6.1.7601.23391 OLE DB Provider for Oracle msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources msdaosp.dll 6.1.7601.17632 OLE DB Simple Provider msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs msdarem.dll 6.1.7601.23789 OLE DB Remote Provider msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources msdart.dll 6.1.7600.16385 OLE DB Runtime Routines msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub msdelta.dll 6.1.7600.16385 Microsoft Patch Engine msdfmap.dll 6.1.7601.17514 Data Factory Handler msdmo.dll 6.6.7601.17514 DMO Runtime msdrm.dll 6.1.7601.18332 Windows Rights Management client msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1 msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam msexcl40.dll 4.0.9801.2 Microsoft Jet Excel Isam msfeeds.dll 11.0.9600.18838 Microsoft Feeds Manager msfeedsbs.dll 11.0.9600.16428 Microsoft Feeds Background Sync msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1 mshtml.dll 11.0.9600.18838 Microsoft (R) HTML Viewer mshtmldac.dll 11.0.9600.18838 DAC for Trident DOM mshtmled.dll 11.0.9600.18838 Microsoft® HTML Editing Component mshtmler.dll 11.0.9600.16428 Microsoft® HTML Editing Component's Resource DLL mshtmlmedia.dll 11.0.9600.18838 Microsoft (R) HTML Media DLL msi.dll 5.0.7601.23593 Windows Installer msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library msident.dll 6.1.7600.16385 Microsoft Identity Manager msidle.dll 6.1.7600.16385 User Idle Monitor msidntld.dll 6.1.7600.16385 Microsoft Identity Manager msieftp.dll 6.1.7601.18300 Microsoft Internet Explorer FTP Folder Shell Extension msihnd.dll 5.0.7601.23593 Windows® installer msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub msimg32.dll 6.1.7600.16385 GDIEXT Client DLL msimsg.dll 5.0.7601.23593 Windows® Installer International Messages msimtf.dll 6.1.7600.16385 Active IMM Server DLL msisip.dll 5.0.7600.16385 MSI Signature SIP Provider msjet40.dll 4.0.9801.0 Microsoft Jet Engine Library msjetoledb40.dll 4.0.9801.0 msjint40.dll 4.0.9801.1 Microsoft Jet Database Engine International DLL msjro.dll 6.1.7601.17857 Jet and Replication Objects msjter40.dll 4.0.9801.0 Microsoft Jet Database Engine Error DLL msjtes40.dll 4.0.9801.0 Microsoft Jet Expression Service msls31.dll 3.10.349.0 Microsoft Line Services library file msltus40.dll 4.0.9801.0 Microsoft Jet Lotus 1-2-3 Isam msmapi32.dll 14.0.7180.5000 Extended MAPI 1.0 for Windows NT msmpeg2adec.dll 6.1.7601.23285 Microsoft DTV-DVD Audio Decoder msmpeg2enc.dll 6.1.7601.19091 Microsoft MPEG-2 Encoder msmpeg2vdec.dll 12.0.9200.17037 Microsoft DTV-DVD Video Decoder msnetobj.dll 11.0.7601.23471 DRM ActiveX Network Object msobjs.dll 6.1.7601.23915 System object audit names msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources msorcl32.dll 6.1.7601.23391 ODBC Driver for Oracle mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API mspbde40.dll 4.0.9801.0 Microsoft Jet Paradox Isam msports.dll 6.1.7600.16385 Ports Class Installer msrating.dll 11.0.9600.18838 Internet Ratings and Local User Management DLL msrd2x40.dll 4.0.9801.0 Microsoft (R) Red ISAM msrd3x40.dll 4.0.9801.0 Microsoft (R) Red ISAM msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server msrdpwebaccess.dll 6.3.9600.16415 Microsoft Remote Desktop Services Web Access Control msrepl40.dll 4.0.9801.0 Microsoft Replication Library msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor msscntrs.dll 7.0.7601.23930 msscntrs.dll msscp.dll 11.0.7601.23471 Windows Media Secure Content Provider mssha.dll 6.1.7600.16385 Windows Security Health Agent msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message msshooks.dll 7.0.7601.23930 MSSHooks.dll mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL mssitlb.dll 7.0.7601.23930 mssitlb mssph.dll 7.0.7601.23930 Microsoft Search Protocol Handler mssphtb.dll 7.0.7601.23930 Outlook MSSearch Connector mssprxy.dll 7.0.7601.23930 Microsoft Search Proxy mssrch.dll 7.0.7601.23930 mssrch.dll msstkprp.dll 6.0.81.69 msprop32.ocx mssvp.dll 7.0.7601.23930 MSSearch Vista Platform msswch.dll 6.1.7600.16385 msswch mstask.dll 6.1.7601.17514 Task Scheduler interface DLL mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam mstscax.dll 6.3.9600.17930 Remote Desktop Services ActiveX Client msutb.dll 6.1.7601.17514 MSUTB Server DLL msv1_0.dll 6.1.7601.23915 Microsoft Authentication Package v1.0 msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL msvcp100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcp110.dll 11.0.50727.1 Microsoft® C Runtime Library msvcp110_clr0400.dll 14.7.2053.0 Microsoft® .NET Framework msvcp120.dll 12.0.21005.1 Microsoft® C Runtime Library msvcp120_clr0400.dll 12.0.52519.0 Microsoft® C Runtime Library msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL msvcp71.dll 7.10.3077.0 Microsoft® C++ Runtime Library msvcr100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcr100_clr0400.dll 14.7.2053.0 Microsoft® .NET Framework msvcr110.dll 11.0.50727.1 Microsoft® C Runtime Library msvcr110_clr0400.dll 14.7.2053.0 Microsoft® .NET Framework msvcr120.dll 12.0.21005.1 Microsoft® C Runtime Library msvcr120_clr0400.dll 12.0.52519.0 Microsoft® C Runtime Library msvcr71.dll 7.10.6030.0 Microsoft® C Runtime Library msvcrt.dll 7.0.7601.17744 Windows NT CRT DLL msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll) msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor msvidctl.dll 6.5.7601.23569 ActiveX control for streaming video mswdat10.dll 4.0.9801.0 Microsoft Jet Sort Tables mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core mswsock.dll 6.1.7601.23451 Microsoft Windows Sockets 2.0 Service Provider mswstr10.dll 4.0.9801.1 Microsoft Jet Sort Library msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs msxbde40.dll 4.0.9801.0 Microsoft Jet xBASE Isam msxml3.dll 8.110.7601.23648 MSXML 3.0 SP11 msxml3r.dll 8.110.7601.23648 XML Resources msxml4.dll 4.30.2117.0 MSXML 4.0 SP3 msxml4r.dll 4.30.2100.0 MSXML 4.0 SP3 Resources msxml6.dll 6.30.7601.18980 MSXML 6.0 SP3 msxml6r.dll 6.30.7601.18980 XML Resources msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL mtxdm.dll 2001.12.8530.16385 COM+ mtxex.dll 2001.12.8530.16385 COM+ mtxlegih.dll 2001.12.8530.16385 COM+ mtxoci.dll 2001.12.8531.23391 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings mycomput.dll 6.1.7600.16385 Computer Management mydocs.dll 6.1.7601.17514 My Documents Folder UI napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension naphlpr.dll 6.1.7601.17514 NAP client config API helper napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client napmontr.dll 6.1.7600.16385 NAP Netsh Helper nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6 ncdprop.dll 6.1.7600.16385 Advanced network device properties nci.dll 6.1.7601.17514 CoInstaller: NET ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System ncrypt.dll 6.1.7601.23915 Windows cryptographic library ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library ncsi.dll 6.1.7601.18685 Network Connectivity Status Indicator nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object ndishc.dll 6.1.7600.16385 NDIS Helper Classes ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub negoexts.dll 6.1.7600.16385 NegoExtender Security Package netapi32.dll 6.1.7601.17887 Net Win32 API DLL netbios.dll 6.1.7600.16385 NetBIOS Interface Library netcenter.dll 6.1.7601.17514 Network Center control panel netcfgx.dll 6.1.7601.17514 Network Configuration Objects netcorehc.dll 6.1.7601.17964 Networking Core Diagnostics Helper Classes netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework netevent.dll 6.1.7601.17964 Net Event Handler netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim neth.dll 6.1.7600.16385 Net Help Messages DLL netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page netiohlp.dll 6.1.7601.17514 Netio Helper DLL netjoin.dll 6.1.7601.17514 Domain Join DLL netlogon.dll 6.1.7601.17514 Net Logon Services DLL netmsg.dll 6.1.7600.16385 Net Messages DLL netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard netprof.dll 6.1.7600.16385 Network Profile Management UI netprofm.dll 6.1.7600.16385 Network List Manager netshell.dll 6.1.7601.17514 Network Connections Shell netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL networkexplorer.dll 6.1.7601.17514 Network Explorer networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory networkmap.dll 6.1.7601.17514 Network Map newdev.dll 6.0.5054.0 Add Hardware Device Library nidscmem.dll 1.7.0.49152 nidscmem nimdnsresponder.dll 214.3.1.49156 National Instruments Zeroconf Library niorbu.dll 1.10.0.49152 NI Object Request Broker nipal32.dll 2.2305.3.0 NI-PAL SS Library for Windows XP nipalsys.dll 1.0.3.49152 NI-PAL System API Expert nipalu.dll 2.2305.3.0 NI-PAL Library for Windows nipalut.dll 2.2305.3.0 NI-PAL Thread Library for Windows nirpc.dll 4.768.3.0 NI-RPC Library for Windows nivisv32.dll 5.3.0.49152 NI-VISA Library Services nlaapi.dll 6.1.7601.18685 Network Location Awareness 2 nlhtml.dll 2008.0.7600.16385 HTML filter nlmgp.dll 6.1.7600.16385 Network List Manager Snapin nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module nlsbres.dll 6.1.7601.23572 NLSBuild resource DLL nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code normaliz.dll 6.1.7600.16385 Unicode Normalization DLL npmproxy.dll 6.1.7600.16385 Network List Manager Proxy nshhttp.dll 6.1.7600.16385 HTTP netsh DLL nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL nshwfp.dll 6.1.7601.18283 Windows Filtering Platform Netsh Helper nsi.dll 6.1.7601.23889 NSI User-mode interface DLL nssearch.dll 1.1.0.13 NSSearch ntdll.dll 6.1.7601.23915 NT Layer DLL ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager ntlanui2.dll 6.1.7600.16385 Network object shell UI ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider ntprint.dll 6.1.7601.23889 Spooler Setup DLL ntshrui.dll 6.1.7601.17755 Shell extensions for sharing ntvdm64.dll 6.1.7601.23915 16-bit Emulation on NT64 objsel.dll 6.1.7601.18409 Object Picker Dialog occache.dll 11.0.9600.18838 Object Control Viewer ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API odbc32.dll 6.1.7601.17514 ODBC Driver Manager odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk odbcbcp.dll 6.1.7600.16385 BCP for ODBC odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program odbccp32.dll 6.1.7601.17632 ODBC Installer odbccr32.dll 6.1.7601.17632 ODBC Cursor Library odbccu32.dll 6.1.7601.17632 ODBC Cursor Library odbcint.dll 6.1.7600.16385 ODBC Resources odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5 odbcjt32.dll 6.1.7601.17632 Microsoft ODBC Desktop Driver Pack 3.5 odbctrac.dll 6.1.7601.17632 ODBC Driver Manager Trace oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files offfilt.dll 2008.0.7600.16385 OFFICE Filter ogldrv.dll 6.1.7600.16385 MSOGL ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole32.dll 6.1.7601.23889 Microsoft OLE for Windows oleacc.dll 7.0.0.0 Active Accessibility Core Component oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL oleaut32.dll 6.1.7601.23775 olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library oledb32.dll 6.1.7601.17514 OLE DB Core Services oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources oledlg.dll 6.1.7600.16385 OLE User Interface Support oleprn.dll 6.1.7600.16385 Oleprn DLL olepro32.dll 6.1.7601.23452 oleres.dll 6.1.7601.23889 Ole resource dll olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel oobefldr.dll 6.1.7601.17514 Getting Started opcservices.dll 6.1.7601.17514 Native Code OPC Services Library opencl.dll 1.2.1.0 OpenCL Client DLL opengl32.dll 6.1.7600.16385 OpenGL Client DLL osbaseln.dll 6.1.7600.16385 Service Reporting API osuninst.dll 6.1.7600.16385 Uninstall Interface p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper packager.dll 6.1.7601.18645 Object Packager2 panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module pcomm.dll 2.3.3.0 pComm communication driver pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL pdh.dll 6.1.7601.23717 Windows Performance Data Helper DLL pdhui.dll 6.1.7601.23841 PDH UI peerdist.dll 6.1.7600.16385 BranchCache Client Library peerdistsh.dll 6.1.7600.16385 BranchCache Netshell Helper perfcentercpl.dll 6.1.7601.17514 Performance Center perfctrs.dll 6.1.7600.16385 Performance Counters perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler photowiz.dll 6.1.7601.17514 Photo Printing Wizard pid.dll 6.1.7600.16385 Microsoft PID pidgenx.dll 6.1.7600.16385 Pid Generation pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library pku2u.dll 6.1.7601.18658 Pku2u Security Package pla.dll 6.1.7601.23717 Performance Logs & Alerts playsndsrv.dll 6.1.7600.16385 PlaySound Service pmcsnap.dll 6.1.7600.16385 pmcsnap dll pngfilt.dll 11.0.9600.16428 IE PNG plugin image decoder pnidui.dll 6.1.7601.17514 Network System Icon pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider polstore.dll 6.1.7601.23452 Policy Storage dll portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider. portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component pots.dll 6.1.7600.16385 Power Troubleshooter powercpl.dll 6.1.7601.17514 Power Options Control Panel powrprof.dll 6.1.7600.16385 Power Profile Helper DLL ppcsnap.dll 6.1.7600.16385 ppcsnap DLL presentationcffrasterizernative_v0300.dll 3.0.6920.5469 WinFX OpenType/CFF Rasterizer presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll prflbmsg.dll 6.1.7600.16385 Perflib Event Messages printui.dll 6.1.7601.17514 Printer Settings User Interface prncache.dll 6.1.7601.17514 Print UI Cache prnfldr.dll 6.1.7601.17514 prnfldr dll prnntfy.dll 6.1.7600.16385 prnntfy DLL prntvpt.dll 6.1.7601.17514 Print Ticket Services Module profapi.dll 6.1.7600.16385 User Profile Basic API propsys.dll 7.0.7601.17514 Microsoft Property System provsvc.dll 6.1.7601.17514 Windows HomeGroup provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library psapi.dll 6.1.7600.16385 Process Status Helper psbase.dll 6.1.7600.16385 Protected Storage default provider pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver psisdecd.dll 6.6.7601.17669 Microsoft SI/PSI parser for MPEG2 based networks. pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces pstorsvc.dll 6.1.7600.16385 Protected storage server puiapi.dll 6.1.7600.16385 puiapi DLL puiobj.dll 6.1.7601.17514 PrintUI Objects DLL pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll qagent.dll 6.1.7601.17514 Quarantine Agent Proxy qasf.dll 12.0.7601.19091 DirectShow ASF Support qcap.dll 6.6.7601.17514 DirectShow Runtime. qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider qdv.dll 6.6.7601.17514 DirectShow Runtime. qdvd.dll 6.6.7601.23471 DirectShow DVD PlayBack Runtime. qedit.dll 6.6.7601.19091 DirectShow Editing. qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy qshvhost.dll 6.1.7601.17514 Quarantine SHV Host qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management quartz.dll 6.6.7601.23709 DirectShow Runtime. query.dll 6.1.7601.23930 Content Index Utility DLL qutil.dll 6.1.7601.17514 Quarantine Utilities qwave.dll 6.1.7600.16385 Windows NT racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper rasapi32.dll 6.1.7600.16385 Remote Access API rascfg.dll 6.1.7600.16385 RAS Configuration Objects raschap.dll 6.1.7601.17514 Remote Access PPP CHAP rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API rasgcw.dll 6.1.7600.16385 RAS Wizard Pages rasman.dll 6.1.7600.16385 Remote Access Connection Manager rasmm.dll 6.1.7600.16385 RAS Media Manager rasmontr.dll 6.1.7600.16385 RAS Monitor DLL rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider rasppp.dll 6.1.7601.17514 Remote Access PPP rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer rastls.dll 6.1.7601.18584 Remote Access PPP EAP-TLS rdpcore.dll 6.1.7601.23892 RDP Core DLL rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects rdpendp.dll 6.1.7601.17514 RDP Audio Endpoint rdpendp_winip.dll 6.2.9200.16398 RDP Audio Endpoint rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API rdvidcrl.dll 6.3.9600.16415 Remote Desktop Services Client for Microsoft Online Services reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL regapi.dll 6.1.7601.17514 Registry Configuration APIs regctrl.dll 6.1.7600.16385 RegCtrl remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension resampledmo.dll 6.1.7601.19091 Windows Media Resampler resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1 riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0 rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL rpcdiag.dll 6.1.7600.16385 RPC Diagnostics rpchttp.dll 6.1.7601.23915 RPC HTTP DLL rpcndfp.dll 1.0.0.1 RPC NDF Helper Class rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper rpcrt4.dll 6.1.7601.23915 Remote Procedure Call Runtime rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider rshx32.dll 6.1.7600.16385 Security Shell Extension rstrtmgr.dll 6.1.7600.16385 Restart Manager rtffilt.dll 2008.0.7600.16385 RTF Filter rtm.dll 6.1.7600.16385 Routing Table Manager rtutils.dll 6.1.7601.17514 Routing Utilities samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL samlib.dll 6.1.7601.23677 SAM Library DLL sampleres.dll 6.1.7600.16385 Microsoft Samples sas.dll 6.1.7600.16385 WinLogon Software SAS Library sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter. sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces. scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine scesrv.dll 6.1.7601.18686 Windows Security Configuration Editor Engine schannel.dll 6.1.7601.23915 TLS / SSL Security Provider schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider scripto.dll 6.6.7600.16385 Microsoft ScriptO scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime scrptadm.dll 6.1.7601.17514 Script Adm Extension scrrun.dll 5.8.7601.18283 Microsoft ® Script Runtime sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component searchfolder.dll 6.1.7601.17514 SearchFolder sechost.dll 6.1.7601.18869 Host for SCM/SDDL/LSA Lookup APIs secproc.dll 6.1.7601.18332 Windows Rights Management Desktop Security Processor secproc_isv.dll 6.1.7601.18332 Windows Rights Management Desktop Security Processor secproc_ssp.dll 6.1.7601.18332 Windows Rights Management Services Server Security Processor secproc_ssp_isv.dll 6.1.7601.18332 Windows Rights Management Services Server Security Processor (Pre-production) secur32.dll 6.1.7601.23915 Security Support Provider Interface security.dll 6.1.7600.16385 Security Support Provider Interface sendmail.dll 6.1.7600.16385 Send Mail sens.dll 6.1.7600.16385 System Event Notification Service (SENS) sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL sensorsapi.dll 6.1.7600.16385 Sensor API sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors serialui.dll 6.1.7600.16385 Serial Port Property Pages serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service setupapi.dll 6.1.7601.17514 Windows Setup API setupcln.dll 6.1.7601.17514 Setup Files Cleanup sfc.dll 6.1.7600.16385 Windows File Protection sfc_os.dll 6.1.7600.16385 Windows File Protection shacct.dll 6.1.7601.17514 Shell Accounts Classes shdocvw.dll 6.1.7601.23896 Shell Doc Object and Control Library shell32.dll 6.1.7601.23893 Windows Shell Common Dll shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll shfolder.dll 6.1.7600.16385 Shell Folder Service shgina.dll 6.1.7601.17514 Windows Shell User Logon shimeng.dll 6.1.7601.19050 Shim Engine DLL shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll shsetup.dll 6.1.7601.17514 Shell setup helper shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions slc.dll 6.1.7600.16385 Software Licensing Client Dll slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll slwga.dll 6.1.7601.17514 Software Licensing WGA API smartcardcredentialprovider.dll 6.1.7601.18276 Windows Smartcard Credential Provider smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework sndvolsso.dll 6.1.7601.17514 SCA Volume snmpapi.dll 6.1.7600.16385 SNMP Utility Library softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip softpub.dll 6.1.7600.16385 Softpub Forwarder DLL sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003 sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0 spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin spfileq.dll 6.1.7600.16385 Windows SPFILEQ spinf.dll 6.1.7600.16385 Windows SPINF spnet.dll 6.1.7600.16385 Net Sysprep Plugin spopk.dll 6.1.7601.17514 OPK Sysprep Plugin spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library sppc.dll 6.1.7601.17514 Software Licensing Client Dll sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll sppcomapi.dll 6.1.7601.17514 Software Licensing Library sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin spwizeng.dll 6.1.7601.17514 Setup Wizard Framework spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources spwmp.dll 6.1.7601.23930 Windows Media Player System Preparation DLL sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server sqmapi.dll 6.1.7601.17514 SQM Client srchadmin.dll 7.0.7601.17514 Indexing Options srclient.dll 6.1.7601.23915 Microsoft® Windows System Restore Client Library srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library srpuxnativesnapin.dll 6.1.7600.16385 Application Control Policies Group Policy Editor Extension srvcli.dll 6.1.7601.17514 Server Service Client DLL sscore.dll 6.1.7601.17514 Server Service Core DLL ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL sspicli.dll 6.1.7601.23915 Security Support Provider Interface ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client sti.dll 6.1.7600.16385 Still Image Devices client DLL stobject.dll 6.1.7601.17514 Systray shell service object storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler storprop.dll 6.1.7600.16385 Property Pages for Storage Devices structuredquery.dll 7.0.7601.23451 Structured Query sud.dll 6.1.7601.17514 SUD Control Panel sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library sxs.dll 6.1.7601.17514 Fusion 2.5 sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library sxsstore.dll 6.1.7600.16385 Sxs Store DLL synccenter.dll 6.1.7601.17514 Microsoft Sync Center synceng.dll 6.1.7601.17959 Windows Briefcase Engine synchostps.dll 6.1.7600.16385 Proxystub for sync host syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure. syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub. syncom.dll 16.2.19.14 SynCOM syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration syncui.dll 6.1.7601.17514 Windows Briefcase syntpcom.dll 16.2.19.14 Synaptics TouchPad Interfaces syssetup.dll 6.1.7601.17514 Windows NT System Setup systemcpl.dll 6.1.7601.17514 My System CPL t2embed.dll 6.1.7601.23930 Microsoft T2Embed Font Embedding tapi3.dll 6.1.7600.16385 Microsoft TAPI3 tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in taskschd.dll 6.1.7601.17514 Task Scheduler COM API taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy tbs.dll 6.1.7601.19146 TBS tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL tdh.dll 6.1.7601.18939 Event Trace Helper Library termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager thawbrkr.dll 6.1.7600.16385 Thai Word Breaker themecpl.dll 6.1.7601.17514 Personalization CPL themeui.dll 6.1.7601.23913 Windows Theme API thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog tquery.dll 7.0.7601.23930 tquery.dll traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec tschannel.dll 6.1.7600.16385 Task Scheduler Proxy tsgqec.dll 6.3.9600.16415 RD Gateway QEC tsmf.dll 6.1.7601.17514 RDP MF Plugin tspkg.dll 6.1.7601.23915 Web Service Security Package tsworkspace.dll 6.1.7601.18546 RemoteApp and Desktop Connection Component tvratings.dll 6.6.7600.16385 Module for managing TV ratings twext.dll 6.1.7601.17514 Previous Versions property page txflog.dll 2001.12.8530.16385 COM+ txfw32.dll 6.1.7600.16385 TxF Win32 DLL typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library tzres.dll 6.1.7601.23930 Time Zones resource DLL ubpm.dll 6.1.7601.18741 Unified Background Process Manager DLL ucmhc.dll 6.1.7600.16385 UCM Helper Class ucrtbase.dll 10.0.10586.1171 Microsoft® C Runtime Library udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension uexfat.dll 6.1.7600.16385 eXfat Utility DLL ufat.dll 6.1.7600.16385 FAT Utility DLL uianimation.dll 6.2.9200.22005 Windows Animation Manager uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core uicom.dll 6.1.7600.16385 Add/Remove Modems uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources ulib.dll 6.1.7600.16385 File Utilities Support DLL umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT unrar.dll 5.10.100.1259 untfs.dll 6.1.7601.17514 NTFS Utility DLL upnp.dll 6.1.7601.17514 UPnP Control Point API upnphost.dll 6.1.7600.16385 UPnP Device Host ureg.dll 6.1.7600.16385 Registry Utility DLL url.dll 11.0.9600.16428 Internet Shortcut Shell Extension DLL urlmon.dll 11.0.9600.18838 OLE32 Extensions for Win32 usbceip.dll 6.1.7600.16385 USBCEIP Task usbperf.dll 6.1.7600.16385 USB Performance Objects DLL usbui.dll 6.1.7600.16385 USB UI Dll user32.dll 6.1.7601.23594 Multi-User Windows USER API Client DLL useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings usercpl.dll 6.1.7601.17514 User control panel userenv.dll 6.1.7601.17514 Userenv usp10.dll 1.626.7601.23894 Uniscribe Unicode script processor utildll.dll 6.1.7601.17514 WinStation utility support DLL uudf.dll 6.1.7600.16385 UDF Utility DLL uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll uxlib.dll 6.1.7601.17514 Setup Wizard Framework uxlibres.dll 6.1.7600.16385 UXLib Resources uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library van.dll 6.1.7601.17514 View Available Networks vault.dll 6.1.7601.17514 Windows vault Control Panel vaultcli.dll 6.1.7600.16385 Credential Vault Client Library vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader vbame.dll 14.0.4746.1000 Microsoft Visual Basic component vbscript.dll 5.8.9600.18838 Microsoft ® VBScript vccorlib110.dll 11.0.50727.1 Microsoft ® VC WinRT core library vccorlib120.dll 12.0.21005.1 Microsoft ® VC WinRT core library vcomp100.dll 10.0.40219.325 Microsoft® C/C++ OpenMP Runtime vcomp110.dll 11.0.50727.1 Microsoft® C/C++ OpenMP Runtime vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1 vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0 verifier.dll 6.1.7600.16385 Standard application verifier provider dll version.dll 6.1.7600.16385 Version Checking and File Installation Libraries vfpodbc.dll 1.0.2.0 vfpodbc vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices vidreszr.dll 6.1.7601.19091 Windows Media Resizer virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL visa32.dll 5.3.0.49152 NI-VISA Library visaconfmgr.dll 5.1.0.1 VISA Conflict Manager vpnikeapi.dll 6.1.7601.17514 VPN IKE API's vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool wab32.dll 6.1.7601.17699 Microsoft (R) Contacts DLL wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP wbemcomn.dll 6.1.7601.17514 WMI wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards wcspluginservice.dll 6.1.7601.23677 WcsPlugInService DLL wdc.dll 6.1.7601.23841 Performance Monitor wdi.dll 6.1.7601.18713 Windows Diagnostic Infrastructure wdigest.dll 6.1.7601.23915 Microsoft Digest Access wdscore.dll 6.1.7601.17514 Panther Engine Module webcheck.dll 11.0.9600.18838 Web Site Monitor webclnt.dll 6.1.7601.23542 Web DAV Service DLL webio.dll 6.1.7601.23375 Web Transfer Protocols API webservices.dll 6.1.7601.17514 Windows Web Services Runtime wecapi.dll 6.1.7600.16385 Event Collector Configuration API wer.dll 6.1.7601.23877 Windows Error Reporting DLL werdiagcontroller.dll 6.1.7601.23877 WER Diagnostic Controller werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class whealogr.dll 6.1.7600.16385 WHEA Troubleshooter whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp wiaaut.dll 6.1.7600.16385 WIA Automation Layer wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer wiaextensionhost64.dll 6.1.7600.16385 WIA Extension Host for thunking APIs from 32-bit to 64-bit process wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI wiatrace.dll 6.1.7600.16385 WIA Tracing wiavideo.dll 6.1.7601.17514 WIA Video wimgapi.dll 6.1.7601.17514 Windows Imaging Library win32spl.dll 6.1.7601.23889 Client Side Rendering Print Provider winbio.dll 6.1.7600.16385 Windows Biometrics Client API winbrand.dll 6.1.7600.16385 Windows Branding Resources wincredprovider.dll 6.1.7601.18409 wincredprovider DLL windowsaccessbridge-32.dll 8.0.1610.12 Java(TM) Platform SE binary windowscodecs.dll 6.2.9200.21830 Microsoft Windows Codecs Library windowscodecsext.dll 6.2.9200.16492 Microsoft Windows Codecs Extended Library winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL winhttp.dll 6.1.7601.23451 Windows HTTP Services wininet.dll 11.0.9600.18838 Internet Extensions for Win32 winipsec.dll 6.1.7601.23452 Windows IPsec SPD Client DLL winmm.dll 6.1.7601.17514 MCI API DLL winnsi.dll 6.1.7601.23889 Network Store Information RPC interface winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL winrscmd.dll 6.1.7600.16385 remtsvc winrsmgr.dll 6.1.7600.16385 WSMan Shell API winrssrv.dll 6.1.7600.16385 winrssrv winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API winscard.dll 6.1.7601.17514 Microsoft Smart Card API winshfhc.dll 6.1.7600.16385 File Risk Estimation winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY winsta.dll 6.1.7601.18540 Winstation Library winsync.dll 2007.94.7600.16385 Synchronization Framework winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework wintrust.dll 6.1.7601.23769 Microsoft Trust Verification APIs winusb.dll 6.1.7600.16385 Windows USB Driver User Library wkscli.dll 6.1.7601.17514 Workstation Service Client DLL wksprtps.dll 6.3.9600.16415 WorkspaceRuntime ProxyStub DLL wlanapi.dll 6.1.7601.23915 Windows WLAN AutoConfig Client Side API DLL wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in wlanhlp.dll 6.1.7601.23915 Windows Wireless LAN 802.11 Client Side Helper API wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers wlanmsm.dll 6.1.7601.23915 Windows Wireless LAN 802.11 MSM DLL wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks wlansec.dll 6.1.7601.23915 Windows Wireless LAN 802.11 MSM Security Module DLL wlanui.dll 6.1.7601.17514 Wireless Profile UI wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL wldap32.dll 6.1.7601.23889 Win32 LDAP API DLL wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL wmadmod.dll 6.1.7601.19091 Windows Media Audio Decoder wmadmoe.dll 6.1.7601.19091 Windows Media Audio 10 Encoder/Transcoder wmasf.dll 12.0.7600.16385 Windows Media ASF DLL wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL wmdrmsdk.dll 11.0.7601.23471 Windows Media DRM SDK DLL wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English) wmi.dll 6.1.7601.17787 WMI DC and DP functionality wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL wmp.dll 12.0.7601.23930 Windows Media Player wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer wmpdui.dll 12.0.7600.16385 Windows DirectUser Engine wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module wmphoto.dll 6.2.9200.17254 Windows Media Photo Codec wmploc.dll 12.0.7601.23930 Windows Media Player Resources wmpmde.dll 12.0.7601.19091 WMPMDE DLL wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client wmspdmod.dll 6.1.7601.19091 Windows Media Audio Voice Decoder wmspdmoe.dll 6.1.7601.19091 Windows Media Audio Voice Encoder wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL wmvdecod.dll 6.1.7601.19091 Windows Media Video Decoder wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced wmvencod.dll 6.1.7601.19091 Windows Media Video 9 Encoder wmvsdecd.dll 6.1.7601.19091 Windows Media Screen Decoder wmvsencd.dll 6.1.7601.19091 Windows Media Screen Encoder wmvxencd.dll 6.1.7601.19091 Windows Media Video Encoder wow32.dll 6.1.7601.23915 Wow32 wpc.dll 1.0.0.1 WPC Settings Library wpcao.dll 6.1.7600.16385 WPC Administrator Override wpcsvc.dll 1.0.0.1 WPC Filtering Service wpdshext.dll 6.1.7601.18738 Portable Devices Shell Extension wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard ws2_32.dll 6.1.7601.23451 Windows Socket 2.0 32-Bit DLL ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT wscapi.dll 6.1.7601.17514 Windows Security Center API wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL wsdchngr.dll 6.1.7601.17514 WSD Challenge Component wsecedit.dll 6.1.7600.16385 Security Configuration UI Module wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6) wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL wshrm.dll 6.1.7601.19055 Windows Sockets Helper DLL for PGM wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4) wsmanmigrationplugin.dll 6.1.7601.23512 WinRM Migration Plugin wsmauto.dll 6.1.7601.23512 WSMAN Automation wsmplpxy.dll 6.1.7601.23512 wsmplpxy wsmres.dll 6.1.7601.23512 WSMan Resource DLL wsmsvc.dll 6.1.7601.23512 WSMan Service wsmwmipl.dll 6.1.7601.23512 WSMAN WMI Provider wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs wuapi.dll 7.6.7601.23806 Windows Update Client API wudriver.dll 7.6.7601.23806 Windows Update WUDriver Stub wups.dll 7.6.7601.23806 Windows Update client proxy stub wuwebv.dll 7.6.7601.23806 Windows Update Vista Web Control wvc.dll 6.1.7601.23841 Windows Visual Components wwanapi.dll 6.1.7600.16385 Mbnapi wwapi.dll 8.1.2.0 WWAN API wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee x264vfw.dll 39.2453.40246.0 x264vfw - H.264/MPEG-4 AVC codec x3daudio1_0.dll 9.11.519.0 X3DAudio x3daudio1_1.dll 9.15.779.0 X3DAudio x3daudio1_2.dll 9.21.1148.0 X3DAudio x3daudio1_3.dll 9.22.1284.0 X3DAudio x3daudio1_4.dll 9.23.1350.0 X3DAudio x3daudio1_5.dll 9.25.1476.0 X3DAudio x3daudio1_6.dll 9.26.1590.0 3D Audio Library x3daudio1_7.dll 9.28.1886.0 3D Audio Library xactengine2_0.dll 9.11.519.0 XACT Engine API xactengine2_1.dll 9.12.589.0 XACT Engine API xactengine2_10.dll 9.21.1148.0 XACT Engine API xactengine2_2.dll 9.13.644.0 XACT Engine API xactengine2_3.dll 9.14.701.0 XACT Engine API xactengine2_4.dll 9.15.779.0 XACT Engine API xactengine2_5.dll 9.16.857.0 XACT Engine API xactengine2_6.dll 9.17.892.0 XACT Engine API xactengine2_7.dll 9.18.944.0 XACT Engine API xactengine2_8.dll 9.19.1007.0 XACT Engine API xactengine2_9.dll 9.20.1057.0 XACT Engine API xactengine3_0.dll 9.22.1284.0 XACT Engine API xactengine3_1.dll 9.23.1350.0 XACT Engine API xactengine3_2.dll 9.24.1400.0 XACT Engine API xactengine3_3.dll 9.25.1476.0 XACT Engine API xactengine3_4.dll 9.26.1590.0 XACT Engine API xactengine3_5.dll 9.27.1734.0 XACT Engine API xactengine3_6.dll 9.28.1886.0 XACT Engine API xactengine3_7.dll 9.29.1962.0 XACT Engine API xapofx1_0.dll 9.23.1350.0 XAPOFX xapofx1_1.dll 9.24.1400.0 XAPOFX xapofx1_2.dll 9.25.1476.0 XAPOFX xapofx1_3.dll 9.26.1590.0 Audio Effect Library xapofx1_4.dll 9.28.1886.0 Audio Effect Library xapofx1_5.dll 9.29.1962.0 Audio Effect Library xaudio2_0.dll 9.22.1284.0 XAudio2 Game Audio API xaudio2_1.dll 9.23.1350.0 XAudio2 Game Audio API xaudio2_2.dll 9.24.1400.0 XAudio2 Game Audio API xaudio2_3.dll 9.25.1476.0 XAudio2 Game Audio API xaudio2_4.dll 9.26.1590.0 XAudio2 Game Audio API xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API xaudio2_6.dll 9.28.1886.0 XAudio2 Game Audio API xaudio2_7.dll 9.29.1962.0 XAudio2 Game Audio API xinput1_1.dll 9.12.589.0 Microsoft Common Controller API xinput1_2.dll 9.14.701.0 Microsoft Common Controller API xinput1_3.dll 9.18.944.0 Microsoft Common Controller API xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller xmlfilter.dll 2008.0.7600.16385 XML Filter xmllite.dll 1.3.1001.0 Microsoft XmlLite Library xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API xmlrw.dll 2.0.3609.0 Microsoft XML Slim Library xmlrwbin.dll 2.0.3609.0 Microsoft XML Slim Library xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter xpsgdiconverter.dll 6.2.9200.16492 XPS to GDI Converter xpsprint.dll 6.2.9200.16492 XPS Printing DLL xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library xvidcore.dll xvidvfw.dll xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32 zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders --------[ UpTime ]------------------------------------------------------------------------------------------------------ Current Session: Last Shutdown Time 25.03.2018 18:12:44 Last Boot Time 25.03.2018 14:09:43 Current Time 25.03.2018 18:18:24 UpTime 14921 sec (0 days, 4 hours, 8 min, 41 sec) UpTime Statistics: First Boot Time 14.10.2017 10:32:44 First Shutdown Time 14.10.2017 1:19:43 Total UpTime 6759260 sec (78 days, 5 hours, 34 min, 20 sec) Total DownTime 7298652 sec (84 days, 11 hours, 24 min, 12 sec) Longest UpTime 78422 sec (0 days, 21 hours, 47 min, 2 sec) Longest DownTime 985541 sec (11 days, 9 hours, 45 min, 41 sec) Total Reboots 192 System Availability 48.08% Bluescreen Statistics: Total Bluescreens 0 Information: Information The above statistics are based on System Event Log entries --------[ Share ]------------------------------------------------------------------------------------------------------- ADMIN$ Folder Remote Admin C:\Windows C$ Folder Default share C:\ [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] IPC$ IPC Remote IPC --------[ Logon ]------------------------------------------------------------------------------------------------------- User ANIK ANIK User ANIK ANIK --------[ Users ]------------------------------------------------------------------------------------------------------- [ Administrator ] User Properties: User Name Administrator Full Name Administrator Comment Built-in account for administering the computer/domain Member Of Groups Administrators Logon Count 6 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ Guest ] User Properties: User Name Guest Full Name Guest Comment Built-in account for guest access to the computer/domain Member Of Groups Guests Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required No Read-Only Password Yes Password Never Expires Yes [ User ] User Properties: User Name User Full Name User Member Of Groups Administrators Logon Count 1548 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required No Read-Only Password No Password Never Expires Yes --------[ Windows Video ]----------------------------------------------------------------------------------------------- [ Intel(R) HD Graphics 3000 ] Video Adapter Properties: Device Description Intel(R) HD Graphics 3000 Adapter String Intel(R) HD Graphics 3000 BIOS String Intel Video BIOS Chip Type Intel(R) HD Graphics Family DAC Type Internal Driver Date 26.05.2015 Driver Version 9.17.10.4229 Driver Provider Intel Corporation Memory Size 2108 MB Installed Drivers: igdumd64 9.17.10.4229 igd10umd64 9.17.10.4229 igd10umd64 9.17.10.4229 igdumd32 9.17.10.4229 igd10umd32 9.17.10.4229 igd10umd32 9.17.10.4229 Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates [ Intel(R) HD Graphics 3000 ] Video Adapter Properties: Device Description Intel(R) HD Graphics 3000 Adapter String Intel(R) HD Graphics 3000 BIOS String Intel Video BIOS Chip Type Intel(R) HD Graphics Family DAC Type Internal Driver Date 26.05.2015 Driver Version 9.17.10.4229 Driver Provider Intel Corporation Memory Size 2108 MB Installed Drivers: igdumd64 9.17.10.4229 igd10umd64 9.17.10.4229 igd10umd64 9.17.10.4229 igdumd32 9.17.10.4229 igd10umd32 9.17.10.4229 igd10umd32 9.17.10.4229 Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ PCI / AGP Video ]--------------------------------------------------------------------------------------------- Intel HD Graphics 3000 Video Adapter Intel HD Graphics 3000 3D Accelerator --------[ GPU ]--------------------------------------------------------------------------------------------------------- [ Integrated: Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) ] Graphics Processor Properties: Video Adapter Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) BIOS Version Build Number: 2089(768_960) PC 14.34 10/30/2010 03:43:33 BIOS Date 30.10.2010 GPU Code Name Sandy Bridge-MB GT2 PCI Device 8086-0116 / 17AA-21CE (Rev 09) Process Technology 32 nm Bus Type Integrated GPU Clock 648 MHz (original: 648 MHz) GPU Clock (Turbo) 648 - 1196 MHz RAMDAC Clock 350 MHz Pixel Pipelines 4 TMU Per Pipeline 1 Unified Shaders 48 (v4.1) DirectX Hardware Support DirectX v10.1 WDDM Version WDDM 1.1 Architecture: Architecture Intel Gen6 Execution Units (EU) 12 L1 Instruction Cache 4 KB L1 Texture Cache 4 KB L2 Instruction Cache 24 KB L2 Texture Cache 16 KB Unified Return Buffer 64 KB Theoretical Peak Performance: Pixel Fillrate 2592 MPixel/s @ 648 MHz Texel Fillrate [ TRIAL VERSION ] Double-Precision FLOPS [ TRIAL VERSION ] Utilization: Dedicated Memory 8 MB Dynamic Memory 123 MB Graphics Processor Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ Monitor ]----------------------------------------------------------------------------------------------------- [ Lenovo LP140WH2-TLM2 ] Monitor Properties: Monitor Name Lenovo LP140WH2-TLM2 Monitor ID LEN40A0 Manufacturer LP140WH2-TLM2 Monitor Type 14" LCD (WXGA) Manufacture Date 2010 Serial Number None Max. Visible Display Size 310 mm x 174 mm (14.0") Picture Aspect Ratio 16:9 Maximum Resolution 1366 x 768 Gamma 2.20 DPMS Mode Support Standby, Suspend, Active-Off Supported Video Modes: 1366 x 768 Pixel Clock: 57.77 MHz 1366 x 768 Pixel Clock: 69.30 MHz --------[ Desktop ]----------------------------------------------------------------------------------------------------- Desktop Properties: Device Technology Raster Display Resolution 1366 x 768 Color Depth 32-bit Color Planes 1 Font Resolution 96 dpi Pixel Width / Height 36 / 36 Pixel Diagonal 51 Vertical Refresh Rate 50 Hz Desktop Wallpaper C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Desktop Effects: Combo-Box Animation Enabled Drop Shadow Effect Enabled Flat Menu Effect Enabled Font Smoothing Enabled ClearType Enabled Full Window Dragging Enabled Gradient Window Title Bars Enabled Hide Menu Access Keys Enabled Hot Tracking Effect Enabled Icon Title Wrapping Enabled List-Box Smooth Scrolling Enabled Menu Animation Enabled Menu Fade Effect Enabled Minimize/Restore Animation Enabled Mouse Cursor Shadow Enabled Selection Fade Effect Enabled ShowSounds Accessibility Feature Disabled ToolTip Animation Enabled ToolTip Fade Effect Enabled Windows Aero Enabled Windows Plus! Extension Disabled --------[ Multi-Monitor ]----------------------------------------------------------------------------------------------- \\.\DISPLAY1 Yes (0,0) (1366,768) --------[ Video Modes ]------------------------------------------------------------------------------------------------- 320 x 200 8-bit 50 Hz 320 x 200 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 200 8-bit 60 Hz 320 x 200 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 200 16-bit 50 Hz 320 x 200 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 200 16-bit 60 Hz 320 x 200 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 200 32-bit 50 Hz 320 x 200 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 200 32-bit 60 Hz 320 x 200 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 8-bit 50 Hz 320 x 240 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 8-bit 60 Hz 320 x 240 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 16-bit 50 Hz 320 x 240 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 16-bit 60 Hz 320 x 240 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 32-bit 50 Hz 320 x 240 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 320 x 240 32-bit 60 Hz 320 x 240 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 8-bit 50 Hz 400 x 300 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 8-bit 60 Hz 400 x 300 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 16-bit 50 Hz 400 x 300 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 16-bit 60 Hz 400 x 300 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 32-bit 50 Hz 400 x 300 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 400 x 300 32-bit 60 Hz 400 x 300 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 8-bit 50 Hz 512 x 384 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 8-bit 60 Hz 512 x 384 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 16-bit 50 Hz 512 x 384 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 16-bit 60 Hz 512 x 384 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 32-bit 50 Hz 512 x 384 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 512 x 384 32-bit 60 Hz 512 x 384 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 8-bit 50 Hz 640 x 400 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 8-bit 60 Hz 640 x 400 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 16-bit 50 Hz 640 x 400 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 16-bit 60 Hz 640 x 400 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 32-bit 50 Hz 640 x 400 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 400 32-bit 60 Hz 640 x 400 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 8-bit 50 Hz 640 x 480 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 8-bit 60 Hz 640 x 480 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 16-bit 50 Hz 640 x 480 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 16-bit 60 Hz 640 x 480 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 32-bit 50 Hz 640 x 480 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 640 x 480 32-bit 60 Hz 640 x 480 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 8-bit 50 Hz 768 x 480 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 8-bit 60 Hz 768 x 480 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 16-bit 50 Hz 768 x 480 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 16-bit 60 Hz 768 x 480 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 32-bit 50 Hz 768 x 480 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 768 x 480 32-bit 60 Hz 768 x 480 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 8-bit 50 Hz 800 x 600 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 8-bit 60 Hz 800 x 600 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 16-bit 50 Hz 800 x 600 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 16-bit 60 Hz 800 x 600 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 32-bit 50 Hz 800 x 600 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 800 x 600 32-bit 60 Hz 800 x 600 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 8-bit 50 Hz 960 x 600 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 8-bit 60 Hz 960 x 600 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 16-bit 50 Hz 960 x 600 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 16-bit 60 Hz 960 x 600 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 32-bit 50 Hz 960 x 600 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 960 x 600 32-bit 60 Hz 960 x 600 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 8-bit 50 Hz 1024 x 768 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 8-bit 60 Hz 1024 x 768 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 16-bit 50 Hz 1024 x 768 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 16-bit 60 Hz 1024 x 768 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 32-bit 50 Hz 1024 x 768 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1024 x 768 32-bit 60 Hz 1024 x 768 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 8-bit 50 Hz 1280 x 720 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 8-bit 60 Hz 1280 x 720 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 16-bit 50 Hz 1280 x 720 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 16-bit 60 Hz 1280 x 720 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 32-bit 50 Hz 1280 x 720 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 720 32-bit 60 Hz 1280 x 720 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 8-bit 50 Hz 1280 x 768 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 16-bit 50 Hz 1280 x 768 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 32-bit 50 Hz 1280 x 768 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 8-bit 50 Hz 1360 x 768 8-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 16-bit 50 Hz 1360 x 768 16-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 32-bit 50 Hz 1360 x 768 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1366 x 768 8-bit 50 Hz 1366 x 768 8-bit 60 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 1366 x 768 16-bit 60 Hz 1366 x 768 32-bit 50 Hz [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] --------[ GPGPU ]------------------------------------------------------------------------------------------------------- [ OpenCL: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz ] OpenCL Properties: Platform Name Intel(R) OpenCL Platform Vendor Intel(R) Corporation Platform Version OpenCL 1.1 Platform Profile Full Device Properties: Device Name Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Device Type CPU Device Vendor Intel(R) Corporation Device Version OpenCL 1.1 (Build 37149.37214) Device Profile Full Driver Version 1.1 OpenCL C Version OpenCL C 1.1 Clock Rate 2299 MHz Compute Units 4 Address Space Size 32-bit Max 2D Image Size 8192 x 8192 Max 3D Image Size 2048 x 2048 x 2048 Max Samplers 480 Max Work-Item Size 1024 x 1024 x 1024 Max Work-Group Size 1024 Max Argument Size 3840 bytes Max Constant Buffer Size 128 KB Max Constant Arguments 480 Native ISA Vector Widths char16, short8, int2, float4, double2 Preferred Native Vector Widths char16, short8, int4, long2, float4, double2 Profiling Timer Resolution 446 ns OpenCL DLL opencl.dll (1.2.2.0) Memory Properties: Global Memory 2047 MB Global Memory Cache 256 KB (Read/Write, 64-byte line) Local Memory 32 KB Max Memory Object Allocation Size 524256 KB Memory Base Address Alignment 1024-bit Min Data Type Alignment 128 bytes OpenCL Compliancy: OpenCL 1.1 Yes (100%) OpenCL 1.2 Yes (100%) OpenCL 2.0 No (62%) Device Features: Command-Queue Out Of Order Execution Enabled Command-Queue Profiling Enabled Compiler Available Yes Error Correction Not Supported Images Supported Kernel Execution Supported Linker Available No Little-Endian Device Yes Native Kernel Execution Supported Sub-Group Independent Forward Progress Not Supported SVM Atomics Not Supported SVM Coarse Grain Buffer Not Supported SVM Fine Grain Buffer Not Supported SVM Fine Grain System Not Supported Thread Trace Not Supported Unified Memory Yes Half-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Not Supported IEEE754-2008 FMA Not Supported INF and NaNs Not Supported Rounding to Infinity Not Supported Rounding to Nearest Even Not Supported Rounding to Zero Not Supported Software Basic Floating-Point Operations No Single-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Supported IEEE754-2008 FMA Not Supported INF and NaNs Supported Rounding to Infinity Not Supported Rounding to Nearest Even Supported Rounding to Zero Not Supported Software Basic Floating-Point Operations No Double-Precision Floating-Point Capabilities: Correctly Rounded Divide and Sqrt Not Supported Denorms Supported IEEE754-2008 FMA Supported INF and NaNs Supported Rounding to Infinity Supported Rounding to Nearest Even Supported Rounding to Zero Supported Software Basic Floating-Point Operations No Device Extensions: Total / Supported Extensions 93 / 12 cl_altera_compiler_mode Not Supported cl_altera_device_temperature Not Supported cl_altera_live_object_tracking Not Supported cl_amd_bus_addressable_memory Not Supported cl_amd_c1x_atomics Not Supported cl_amd_compile_options Not Supported cl_amd_core_id Not Supported cl_amd_d3d10_interop Not Supported cl_amd_d3d9_interop Not Supported cl_amd_device_attribute_query Not Supported cl_amd_device_board_name Not Supported cl_amd_device_memory_flags Not Supported cl_amd_device_persistent_memory Not Supported cl_amd_device_profiling_timer_offset Not Supported cl_amd_device_topology Not Supported cl_amd_event_callback Not Supported cl_amd_fp64 Not Supported cl_amd_hsa Not Supported cl_amd_image2d_from_buffer_read_only Not Supported cl_amd_media_ops Not Supported cl_amd_media_ops2 Not Supported cl_amd_offline_devices Not Supported cl_amd_popcnt Not Supported cl_amd_predefined_macros Not Supported cl_amd_printf Not Supported cl_amd_svm Not Supported cl_amd_vec3 Not Supported cl_apple_contextloggingfunctions Not Supported cl_apple_gl_sharing Not Supported cl_apple_setmemobjectdestructor Not Supported cl_arm_core_id Not Supported cl_arm_printf Not Supported cl_ext_atomic_counters_32 Not Supported cl_ext_atomic_counters_64 Not Supported cl_ext_device_fission Supported cl_ext_migrate_memobject Not Supported cl_intel_accelerator Not Supported cl_intel_advanced_motion_estimation Not Supported cl_intel_ctz Not Supported cl_intel_d3d11_nv12_media_sharing Not Supported cl_intel_device_partition_by_names Not Supported cl_intel_dx9_media_sharing Supported cl_intel_exec_by_local_thread Supported cl_intel_motion_estimation Not Supported cl_intel_printf Supported cl_intel_simultaneous_sharing Not Supported cl_intel_subgroups Not Supported cl_intel_thread_local_exec Not Supported cl_intel_va_api_media_sharing Not Supported cl_intel_visual_analytics Not Supported cl_khr_3d_image_writes Not Supported cl_khr_byte_addressable_store Supported cl_khr_context_abort Not Supported cl_khr_d3d10_sharing Not Supported cl_khr_d3d11_sharing Not Supported cl_khr_depth_images Not Supported cl_khr_dx9_media_sharing Not Supported cl_khr_egl_event Not Supported cl_khr_egl_image Not Supported cl_khr_fp16 Not Supported cl_khr_fp64 Supported cl_khr_gl_depth_images Not Supported cl_khr_gl_event Not Supported cl_khr_gl_msaa_sharing Not Supported cl_khr_gl_sharing Supported cl_khr_global_int32_base_atomics Supported cl_khr_global_int32_extended_atomics Supported cl_khr_icd Supported cl_khr_il_program Not Supported cl_khr_image2d_from_buffer Not Supported cl_khr_initialize_memory Not Supported cl_khr_int64_base_atomics Not Supported cl_khr_int64_extended_atomics Not Supported cl_khr_local_int32_base_atomics Supported cl_khr_local_int32_extended_atomics Supported cl_khr_mipmap_image Not Supported cl_khr_mipmap_image_writes Not Supported cl_khr_priority_hints Not Supported cl_khr_select_fprounding_mode Not Supported cl_khr_spir Not Supported cl_khr_srgb_image_writes Not Supported cl_khr_subgroups Not Supported cl_khr_terminate_context Not Supported cl_khr_throttle_hints Not Supported cl_nv_compiler_options Not Supported cl_nv_copy_opts Not Supported cl_nv_d3d10_sharing Not Supported cl_nv_d3d11_sharing Not Supported cl_nv_d3d9_sharing Not Supported cl_nv_device_attribute_query Not Supported cl_nv_pragma_unroll Not Supported cl_qcom_ext_host_ptr Not Supported cl_qcom_ion_host_ptr Not Supported Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ Windows Audio ]----------------------------------------------------------------------------------------------- midi-out.0 0001 001B Microsoft GS Wavetable Synth mixer.0 0001 0068 Speakers (Conexant 20672 SmartA mixer.1 0001 0068 Internal Microphone (Conexant 2 wave-in.0 0001 0065 Internal Microphone (Conexant 2 wave-out.0 0001 0064 Speakers (Conexant 20672 SmartA --------[ PCI / PnP Audio ]--------------------------------------------------------------------------------------------- Conexant Cx20590 @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] PCI Intel Cougar Point HDMI @ Intel Cougar Point PCH - High Definition Audio Controller [B-2] PCI --------[ HD Audio ]---------------------------------------------------------------------------------------------------- [ Intel Cougar Point PCH - High Definition Audio Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-2] Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 0 / 27 / 0 Device ID 8086-1C20 Subsystem ID 17AA-21CE Revision 04 Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_21CE17AA&REV_04 Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Conexant Cx20590 ] Device Properties: Device Description Conexant Cx20590 Device Description (Windows) Conexant 20672 SmartAudio HD Device Type Audio Bus Type HDAUDIO Device ID 14F1-506E Subsystem ID 17AA-21CE Revision 1000 Hardware ID HDAUDIO\FUNC_01&VEN_14F1&DEV_506E&SUBSYS_17AA21CE&REV_1000 [ Intel Cougar Point HDMI ] Device Properties: Device Description Intel Cougar Point HDMI Device Description (Windows) Intel(R) Display Audio Device Type Audio Bus Type HDAUDIO Device ID 8086-2805 Subsystem ID 8086-0101 Revision 1000 Hardware ID HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000 Device Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/chipsets Driver Update http://www.aida64.com/driver-updates --------[ Windows Storage ]--------------------------------------------------------------------------------------------- [ Crucial_CT525MX300SSD1 ] Device Properties: Driver Description Crucial_CT525MX300SSD1 Driver Date 21.06.2006 Driver Version 6.1.7601.19133 Driver Provider Microsoft INF File disk.inf INF Section disk_install.NT Device Manufacturer: Company Name Micron Technology, Inc. Product Information http://www.crucial.com/store/ssd.aspx [ DTSOFT Virtual CdRom Device ] Device Properties: Driver Description DTSOFT Virtual CdRom Device Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf INF Section cdrom_install [ HL-DT-ST DVDRAM GT33N ] Device Properties: Driver Description HL-DT-ST DVDRAM GT33N Driver Date 21.06.2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf INF Section cdrom_install Device Manufacturer: Company Name LG Electronics Product Information http://www.lg.com/us/data-storage Firmware Download http://www.lg.com/us/support [ Intel(R) Mobile Express Chipset SATA AHCI Controller ] Device Properties: Driver Description Intel(R) Mobile Express Chipset SATA AHCI Controller Driver Date 30.05.2012 Driver Version 11.2.0.1006 Driver Provider Intel INF File oem5.inf INF Section iaStor_Install Device Resources: IRQ 19 Memory F2528000-F25287FF Port 5060-507F Port 50A0-50A7 Port 50A8-50AF Port 50B8-50BB Port 50BC-50BF --------[ Logical Drives ]---------------------------------------------------------------------------------------------- [ TRIAL VERSION ] Local Disk NTFS [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] D: (Resources) Local Disk NTFS 396423 MB 284277 MB 112146 MB 28 % 66BB-CBAC E: Optical Drive F: Optical Drive --------[ Physical Drives ]--------------------------------------------------------------------------------------------- [ Drive #1 - Crucial_CT525MX300SS (489 GB) ] #1 (Active) NTFS 1 MB 156 MB #2 NTFS C: (System) 157 MB 104203 MB #3 NTFS D: (Resources) 104360 MB 396424 MB --------[ Optical Drives ]---------------------------------------------------------------------------------------------- [ E:\ HL-DT-ST DVDRAM GT33N ] Optical Drive Properties: Device Description HL-DT-ST DVDRAM GT33N Serial Number M00B8N91701 Firmware Revision LT22 Buffer Size 1 MB Region Code None Remaining User Changes 5 Remaining Vendor Changes 4 Supported Disk Types: BD-ROM Not Supported BD-R Not Supported BD-RE Not Supported HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read + Write DVD+RW9 Dual Layer Not Supported DVD+R Read + Write DVD+RW Read + Write DVD-R9 Dual Layer Read + Write DVD-RW9 Dual Layer Not Supported DVD-R Read + Write DVD-RW Read + Write DVD-RAM Read + Write CD-ROM Read CD-R Read + Write CD-RW Read + Write Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Supported C2 Error Pointers Not Supported CD+G Not Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Not Supported CPRM Supported CSS Supported LabelFlash Not Supported Layer-Jump Recording Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Not Supported VCPS Not Supported [ F:\ DTSOFT Virtual CdRom Device ] Optical Drive Properties: Device Description DTSOFT Virtual CdRom Device Firmware Revision 1.05 Buffer Size 128 KB Region Code 1 Remaining User Changes 4 Remaining Vendor Changes 4 Supported Disk Types: BD-ROM Read BD-R Read BD-RE Read HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read DVD+RW9 Dual Layer Read DVD+R Read DVD+RW Read DVD-R9 Dual Layer Read DVD-RW9 Dual Layer Not Supported DVD-R Read DVD-RW Read DVD-RAM Not Supported CD-ROM Read CD-R Read CD-RW Read Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Not Supported C2 Error Pointers Supported CD+G Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Not Supported CPRM Not Supported CSS Not Supported LabelFlash Not Supported Layer-Jump Recording Not Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Not Supported VCPS Not Supported --------[ ASPI ]-------------------------------------------------------------------------------------------------------- 00 00 00 Disk Drive Crucial_ CT525MX300SSD1 00 01 00 Optical Drive HL-DT-ST DVDRAM GT33N 00 07 00 Host Adapter iaStor --------[ ATA ]--------------------------------------------------------------------------------------------------------- [ Crucial_CT525MX300SSD1 (17491A02D19F) ] ATA Device Properties: Model ID Crucial_CT525MX300SSD1 Serial Number 17491A02D19F Revision M0CR060 World Wide Name 5-00A075-11A02D19F Device Type SATA-III Parameters 1017471 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector LBA Sectors 1025610768 Physical / Logical Sector Size 512 bytes / 512 bytes Multiple Sectors 16 Max. PIO Transfer Mode PIO 4 Max. MWDMA Transfer Mode MWDMA 2 Max. UDMA Transfer Mode UDMA 6 Active UDMA Transfer Mode UDMA 6 Unformatted Capacity 500787 MB Form Factor 2.5" Rotational Speed SSD ATA Device Features: 48-bit LBA Supported, Enabled Automatic Acoustic Management (AAM) Not Supported Device Configuration Overlay (DCO) Not Supported DMA Setup Auto-Activate Supported, Enabled Free-Fall Control Not Supported General Purpose Logging (GPL) Supported, Enabled Hardware Feature Control Not Supported Host Protected Area (HPA) Not Supported HPA Security Extensions Not Supported Hybrid Information Feature Not Supported In-Order Data Delivery Not Supported Native Command Queuing (NCQ) Supported NCQ Autosense Not Supported NCQ Priority Information Supported NCQ Queue Management Command Not Supported NCQ Streaming Not Supported Phy Event Counters Supported Read Look-Ahead Supported, Enabled Release Interrupt Not Supported Security Mode Supported, Disabled Sense Data Reporting (SDR) Not Supported Service Interrupt Not Supported SMART Supported, Enabled SMART Error Logging Supported, Enabled SMART Self-Test Supported, Enabled Software Settings Preservation (SSP) Supported, Enabled Streaming Not Supported Tagged Command Queuing (TCQ) Not Supported Write Cache Supported, Enabled Write-Read-Verify Supported, Disabled SSD Features: Data Set Management Supported Deterministic Read After TRIM Supported TRIM Command Supported Power Management Features: Advanced Power Management Not Supported Automatic Partial to Slumber Transitions (APST) Disabled Device Initiated Interface Power Management (DIPM)Supported, Enabled Device Sleep (DEVSLP) Supported Extended Power Conditions (EPC) Not Supported Host Initiated Interface Power Management (HIPM) Not Supported IDLE IMMEDIATE With UNLOAD FEATURE Supported, Enabled Link Power State Device Sleep Supported, Disabled Power Management Supported, Enabled Power-Up In Standby (PUIS) Not Supported ATA Commands: DEVICE RESET Not Supported DOWNLOAD MICROCODE Supported, Enabled FLUSH CACHE Supported, Enabled FLUSH CACHE EXT Supported, Enabled NOP Supported, Enabled READ BUFFER Supported, Enabled WRITE BUFFER Supported, Enabled Device Manufacturer: Company Name Micron Technology, Inc. Product Information http://www.crucial.com/store/ssd.aspx Driver Update http://www.aida64.com/driver-updates --------[ SMART ]------------------------------------------------------------------------------------------------------- [ Crucial_CT525MX300SSD1 (17491A02D19F) ] 01 Raw Read Error Rate 0 100 100 0 OK: Always passes 05 Reallocated Sector Count 10 100 100 0 OK: Value is normal 09 Power-On Time Count 0 100 100 7 OK: Always passes 0C Power Cycle Count 0 100 100 36 OK: Always passes AB 0 100 100 0 OK: Always passes AC 0 100 100 0 OK: Always passes AD 0 100 100 1 OK: Always passes AE 0 100 100 0 OK: Always passes B7 0 100 100 0 OK: Always passes B8 End-to-End Error 0 100 100 0 OK: Always passes BB Reported Uncorrectable Errors 0 100 100 0 OK: Always passes C2 Temperature 0 66 51 49, 10, 34 OK: Always passes C4 Reallocation Event Count 0 100 100 0 OK: Always passes C5 Current Pending Sector Count 0 100 100 0 OK: Always passes C6 Offline Uncorrectable Sector Count 0 100 100 0 OK: Always passes C7 Ultra ATA CRC Error Rate 0 100 100 0 OK: Always passes CA Data Address Mark Errors 1 100 100 0 OK: Value is normal CE Flying Height 0 100 100 0 OK: Always passes F6 0 100 100 901884833 OK: Always passes F7 0 100 100 28223610 OK: Always passes F8 0 100 100 3629257 OK: Always passes B4 0 0 0 1921 OK: Always passes D2 Ramp Load Value 0 100 100 0 OK: Always passes --------[ Windows Network ]--------------------------------------------------------------------------------------------- [ Bluetooth Device (Personal Area Network) #2 ] Network Adapter Properties: Network Adapter Bluetooth Device (Personal Area Network) #2 Interface Type Bluetooth Ethernet Hardware Address 40-2C-F4-6B-8A-5A Connection Name Bluetooth Network Connection 2 MTU 1500 bytes Bytes Received 0 Bytes Sent 0 [ Intel(R) 82579LM Gigabit Network Connection ] Network Adapter Properties: Network Adapter Intel(R) 82579LM Gigabit Network Connection Interface Type Gigabit Ethernet Hardware Address 00-21-CC-6E-3A-B1 Connection Name Local Area Connection 3 MTU 1500 bytes Bytes Received 0 Bytes Sent 0 Network Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/embedded Driver Download http://www.intel.com/support/network Driver Update http://www.aida64.com/driver-updates [ Intel(R) Centrino(R) Advanced-N 6205 ] Network Adapter Properties: Network Adapter Intel(R) Centrino(R) Advanced-N 6205 Interface Type 802.11 Wireless Ethernet Hardware Address 08-11-96-80-CF-A4 Connection Name Wireless Network Connection Connection Speed 54 Mbps MTU 1500 bytes DHCP Lease Obtained 25.03.2018 14:39:51 DHCP Lease Expires 26.03.2018 14:39:51 Bytes Received 2418086166 (2306.1 MB) Bytes Sent 66817937 (63.7 MB) Network Adapter Addresses: IP / Subnet Mask [ TRIAL VERSION ] Gateway [ TRIAL VERSION ] DHCP [ TRIAL VERSION ] DNS [ TRIAL VERSION ] DNS [ TRIAL VERSION ] WLAN Properties: Network Type Infrastructure SSID ThonWifi BSSID 00-1E-13-11-68-00 Authentication Algorithm 802.11 Open System Cipher Algorithm None Channel 36 (5180 MHz) Signal Strength -43 dBm (Excellent) Transmit Rate 54 Mbps Receive Rate 54 Mbps Network Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/embedded Driver Download http://www.intel.com/support/network Driver Update http://www.aida64.com/driver-updates [ Microsoft Virtual WiFi Miniport Adapter #2 ] Network Adapter Properties: Network Adapter Microsoft Virtual WiFi Miniport Adapter #2 Interface Type 802.11 Wireless Ethernet Hardware Address 08-11-96-80-CF-A5 Connection Name Wireless Network Connection 3 MTU 1500 bytes Bytes Received 0 Bytes Sent 0 [ Microsoft Virtual WiFi Miniport Adapter ] Network Adapter Properties: Network Adapter Microsoft Virtual WiFi Miniport Adapter Interface Type 802.11 Wireless Ethernet Hardware Address 08-11-96-80-CF-A5 Connection Name Wireless Network Connection 2 MTU 1500 bytes Bytes Received 0 Bytes Sent 0 WLAN Properties: Network Type Infrastructure --------[ PCI / PnP Network ]------------------------------------------------------------------------------------------- Intel 82579LM Gigabit Network Connection PCI Intel Centrino Advanced-N 6205 AGN 2x2 HMC WiFi Adapter PCI --------[ Internet ]---------------------------------------------------------------------------------------------------- Internet Settings: Start Page about:Tabs Search Page http://go.microsoft.com/fwlink/?LinkId=54896 Local Page C:\Windows\system32\blank.htm Download Folder Current Proxy: Proxy Status Disabled LAN Proxy: Proxy Status Disabled --------[ Routes ]------------------------------------------------------------------------------------------------------ Active 0.0.0.0 0.0.0.0 10.127.128.1 25 10.127.129.20 (Intel(R) Centrino(R) Advanced-N 6205) Active 10.127.128.0 255.255.252.0 10.127.129.20 281 10.127.129.20 (Intel(R) Centrino(R) Advanced-N 6205) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 281 [ TRIAL VERSION ] Active 10.127.131.255 255.255.255.255 10.127.129.20 281 10.127.129.20 (Intel(R) Centrino(R) Advanced-N 6205) Active 127.0.0.0 255.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 306 [ TRIAL VERSION ] Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 224.0.0.0 240.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 281 [ TRIAL VERSION ] Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 255.255.255.255 255.255.255.255 10.127.129.20 281 10.127.129.20 (Intel(R) Centrino(R) Advanced-N 6205) --------[ DirectX Files ]----------------------------------------------------------------------------------------------- amstream.dll 6.06.7601.17514 Final Retail English 70656 21.11.2010 5:24:00 bdaplgin.ax 6.01.7600.16385 Final Retail Russian 74240 14.07.2009 3:14:10 d2d1.dll 6.02.9200.16765 Final Retail English 3419136 26.11.2013 10:16:52 d3d10.dll 6.02.9200.16492 Final Retail English 1080832 23.12.2014 12:24:28 d3d10_1.dll 6.02.9200.16492 Final Retail English 161792 23.12.2014 12:24:28 d3d10_1core.dll 6.02.9200.16492 Final Retail English 249856 23.12.2014 12:24:28 d3d10core.dll 6.02.9200.16492 Final Retail English 220160 23.12.2014 12:24:28 d3d10level9.dll 6.02.9200.21830 Final Retail English 603648 19.07.2016 11:48:20 d3d10warp.dll 6.02.9200.17033 Final Retail English 1987584 30.07.2015 19:57:32 d3d11.dll 6.02.9200.16570 Final Retail English 1505280 23.12.2014 12:23:24 d3d8.dll 6.01.7600.16385 Final Retail English 1036800 14.07.2009 3:15:08 d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 14.07.2009 3:15:08 d3d9.dll 6.01.7601.17514 Final Retail English 1828352 21.11.2010 5:24:23 d3dim.dll 6.01.7600.16385 Final Retail English 386048 14.07.2009 3:15:08 d3dim700.dll 6.01.7600.16385 Final Retail English 817664 14.07.2009 3:15:08 d3dramp.dll 6.01.7600.16385 Final Retail English 593920 14.07.2009 3:15:08 d3dxof.dll 6.01.7600.16385 Final Retail English 53760 14.07.2009 3:15:08 ddraw.dll 6.01.7600.16385 Final Retail English 531968 14.07.2009 3:15:10 ddrawex.dll 6.01.7600.16385 Final Retail English 30208 14.07.2009 3:15:10 devenum.dll 6.06.7601.19091 Final Retail English 67584 19.07.2016 11:40:30 dinput.dll 6.01.7600.16385 Final Retail English 136704 14.07.2009 3:15:11 dinput8.dll 6.01.7600.16385 Final Retail English 145408 14.07.2009 3:15:11 dmband.dll 6.01.7600.16385 Final Retail English 30720 14.07.2009 3:15:12 dmcompos.dll 6.01.7600.16385 Final Retail English 63488 14.07.2009 3:15:12 dmime.dll 6.01.7600.16385 Final Retail English 179712 14.07.2009 3:15:12 dmloader.dll 6.01.7600.16385 Final Retail English 38400 14.07.2009 3:15:12 dmscript.dll 6.01.7600.16385 Final Retail English 86016 14.07.2009 3:15:12 dmstyle.dll 6.01.7600.16385 Final Retail English 105984 14.07.2009 3:15:12 dmsynth.dll 6.01.7600.16385 Final Retail English 105472 14.07.2009 3:15:12 dmusic.dll 6.01.7600.16385 Final Retail English 101376 14.07.2009 3:15:12 dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 14.07.2009 3:14:18 dplayx.dll 6.01.7600.16385 Final Retail English 213504 14.07.2009 3:15:12 dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 14.07.2009 3:15:12 dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 21.11.2010 5:23:53 dpnathlp.dll 6.01.7600.16385 Final Retail English 57344 14.07.2009 3:15:14 dpnet.dll 6.01.7601.17989 Final Retail English 376832 02.11.2012 7:11:31 dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 14.07.2009 3:15:12 dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 14.07.2009 3:15:12 dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 14.07.2009 3:04:52 dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 14.07.2009 3:14:18 dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 14.07.2009 3:15:12 dsdmo.dll 6.01.7600.16385 Final Retail English 173568 14.07.2009 3:15:13 dsound.dll 6.01.7600.16385 Final Retail English 453632 14.07.2009 3:15:13 dswave.dll 6.01.7600.16385 Final Retail English 20992 14.07.2009 3:15:13 dwrite.dll 6.02.9200.22164 Final Retail English 1251328 12.05.2017 18:25:42 dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 21.11.2010 5:24:22 dxgi.dll 6.02.9200.16492 Final Retail English 293376 23.12.2014 12:24:28 dxmasf.dll 12.00.7601.23930 Final Retail English 4096 12.10.2017 2:24:38 dxtmsft.dll 11.00.9600.18838 Final Retail English 416256 14.10.2017 8:38:50 dxtrans.dll 11.00.9600.18838 Final Retail English 279040 14.10.2017 8:31:18 dxva2.dll 6.01.7600.16385 Final Retail English 88064 14.07.2009 3:15:14 encapi.dll 6.01.7600.16385 Final Retail English 20992 14.07.2009 3:15:14 gcdef.dll 6.01.7600.16385 Final Retail English 120832 14.07.2009 3:15:22 iac25_32.ax 2.00.0005.0053 Final Retail English 197632 14.07.2009 3:14:10 ir41_32.ax 4.51.0016.0003 Final Retail English 839680 14.07.2009 3:14:10 ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 14.07.2009 3:15:34 ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 14.07.2009 3:15:34 ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 14.07.2009 3:15:34 ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 14.07.2009 3:15:34 ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 14.07.2009 3:15:34 ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 14.07.2009 3:14:10 joy.cpl 6.01.7600.16385 Final Retail English 138240 14.07.2009 3:14:09 ksproxy.ax 6.01.7601.19091 Final Retail Russian 193536 19.07.2016 11:40:47 kstvtune.ax 6.01.7601.17514 Final Retail English 84480 21.11.2010 5:25:10 ksuser.dll 6.01.7601.19091 Final Retail Russian 4608 19.07.2016 11:40:47 kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 21.11.2010 5:24:15 ksxbar.ax 6.01.7601.17514 Final Retail English 48640 21.11.2010 5:25:10 mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 21.11.2010 5:24:00 mfc40.dll 4.01.0000.6151 Beta Retail English 954752 21.11.2010 5:24:00 mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 11.03.2011 7:33:59 Microsoft.DirectX.AudioVideoPlayback.dll 5.04.0000.2904 Final Retail English 53248 23.12.2014 12:40:47 Microsoft.DirectX.Diagnostics.dll 5.04.0000.2904 Final Retail English 12800 23.12.2014 12:40:47 Microsoft.DirectX.Direct3D.dll 9.05.0132.0000 Final Retail English 473600 23.12.2014 12:40:47 Microsoft.DirectX.Direct3DX.dll 5.04.0000.3900 Final Retail English 2676224 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.04.0091.0000 Final Retail English 2846720 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.05.0132.0000 Final Retail English 563712 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.06.0168.0000 Final Retail English 567296 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.07.0239.0000 Final Retail English 576000 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.08.0299.0000 Final Retail English 577024 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.09.0376.0000 Final Retail English 577536 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.10.0455.0000 Final Retail English 577536 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.11.0519.0000 Final Retail English 578560 23.12.2014 12:40:45 Microsoft.DirectX.Direct3DX.dll 9.12.0589.0000 Final Retail English 578560 23.12.2014 12:40:47 Microsoft.DirectX.DirectDraw.dll 5.04.0000.2904 Final Retail English 145920 23.12.2014 12:40:47 Microsoft.DirectX.DirectInput.dll 5.04.0000.2904 Final Retail English 159232 23.12.2014 12:40:48 Microsoft.DirectX.DirectPlay.dll 5.04.0000.2904 Final Retail English 364544 23.12.2014 12:40:48 Microsoft.DirectX.DirectSound.dll 5.04.0000.2904 Final Retail English 178176 23.12.2014 12:40:48 Microsoft.DirectX.dll 5.04.0000.2904 Final Retail English 223232 23.12.2014 12:40:47 mpeg2data.ax 6.06.7601.17514 Final Retail Russian 72704 21.11.2010 5:25:10 mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 23.12.2010 7:50:23 msdmo.dll 6.06.7601.17514 Final Retail English 30720 21.11.2010 5:24:02 msdvbnp.ax 6.06.7601.17514 Final Retail Russian 59904 21.11.2010 5:25:10 msvidctl.dll 6.05.7601.23569 Final Retail English 2291712 07.10.2016 17:12:46 msyuv.dll 6.01.7601.17514 Final Retail English 22528 21.11.2010 5:23:50 pid.dll 6.01.7600.16385 Final Retail English 36352 14.07.2009 3:16:12 psisdecd.dll 6.06.7601.17669 Final Retail Russian 465408 17.08.2011 6:24:12 psisrndr.ax 6.06.7601.17669 Final Retail Russian 75776 17.08.2011 6:19:27 qasf.dll 12.00.7601.19091 Final Retail English 206848 19.07.2016 11:40:47 qcap.dll 6.06.7601.17514 Final Retail English 190976 21.11.2010 5:24:08 qdv.dll 6.06.7601.17514 Final Retail English 283136 21.11.2010 5:24:09 qdvd.dll 6.06.7601.23471 Final Retail English 519680 14.06.2016 17:21:34 qedit.dll 6.06.7601.19091 Final Retail English 509952 19.07.2016 11:40:30 qedwipes.dll 6.06.7600.16385 Final Retail English 733184 14.07.2009 3:09:35 quartz.dll 6.06.7601.23709 Final Retail English 1329664 04.03.2017 3:14:51 vbisurf.ax 6.01.7601.17514 Final Retail English 33792 21.11.2010 5:25:10 vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 21.11.2010 5:24:09 wsock32.dll 6.01.7600.16385 Final Retail English 15360 14.07.2009 3:16:20 --------[ DirectX Video ]----------------------------------------------------------------------------------------------- [ Primary Display Driver ] DirectDraw Device Properties: DirectDraw Driver Name display DirectDraw Driver Description Primary Display Driver Hardware Driver igdumd32.dll (9.17.10.4229) Hardware Description Intel(R) HD Graphics 3000 Direct3D Device Properties: Rendering Bit Depths 8, 16, 32 Z-Buffer Bit Depths 16, 24, 32 Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x Min Texture Size 1 x 1 Max Texture Size 8192 x 8192 Unified Shader Version 4.1 DirectX Hardware Support DirectX v10.1 Direct3D Device Features: Additive Texture Blending Supported AGP Texturing Not Supported Anisotropic Filtering Supported Automatic Mipmap Generation Supported Bilinear Filtering Supported Compute Shader Not Supported Cubic Environment Mapping Supported Cubic Filtering Not Supported Decal-Alpha Texture Blending Supported Decal Texture Blending Supported Directional Lights Supported DirectX Texture Compression Not Supported DirectX Volumetric Texture Compression Not Supported Dithering Supported Dot3 Texture Blending Supported Double-Precision Floating-Point Not Supported Driver Concurrent Creates Supported Driver Command Lists Not Supported Dynamic Textures Supported Edge Anti-Aliasing Not Supported Environmental Bump Mapping Supported Environmental Bump Mapping + Luminance Supported Factor Alpha Blending Supported Geometric Hidden-Surface Removal Not Supported Geometry Shader Supported Guard Band Supported Hardware Scene Rasterization Supported Hardware Transform & Lighting Supported Legacy Depth Bias Supported Map On Default Buffers Not Supported Mipmap LOD Bias Adjustments Supported Mipmapped Cube Textures Supported Mipmapped Volume Textures Supported Modulate-Alpha Texture Blending Supported Modulate Texture Blending Supported Non-Square Textures Supported N-Patches Not Supported Perspective Texture Correction Supported Point Lights Supported Point Sampling Supported Projective Textures Supported Quintic Bezier Curves & B-Splines Not Supported Range-Based Fog Supported Rectangular & Triangular Patches Not Supported Rendering In Windowed Mode Supported Runtime Shader Linking Not Supported Scissor Test Supported Slope-Scale Based Depth Bias Supported Specular Flat Shading Supported Specular Gouraud Shading Supported Specular Phong Shading Not Supported Spherical Mapping Supported Spot Lights Supported Stencil Buffers Supported Sub-Pixel Accuracy Supported Subtractive Texture Blending Supported Table Fog Supported Texture Alpha Blending Supported Texture Clamping Supported Texture Mirroring Supported Texture Transparency Supported Texture Wrapping Supported Tiled Resources Not Supported Triangle Culling Not Supported Trilinear Filtering Supported Two-Sided Stencil Test Supported Vertex Alpha Blending Supported Vertex Fog Supported Vertex Tweening Supported Volume Textures Supported W-Based Fog Supported W-Buffering Not Supported Z-Based Fog Supported Z-Bias Supported Z-Test Supported Supported FourCC Codes: AI44 Supported AYUV Supported I420 Supported IA44 Supported IMC1 Supported IMC2 Supported IMC3 Supported IMC4 Supported IYUV Supported NV11 Supported NV12 Supported P208 Supported UYVY Supported VYUY Supported YUY2 Supported YV12 Supported YVU9 Supported YVYU Supported Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ DirectX Sound ]----------------------------------------------------------------------------------------------- [ Primary Sound Driver ] DirectSound Device Properties: Device Description Primary Sound Driver Driver Module Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Speakers (Conexant 20672 SmartAudio HD) ] DirectSound Device Properties: Device Description Speakers (Conexant 20672 SmartAudio HD) Driver Module {0.0.0.00000000}.{283e51da-6f91-4132-a817-65521d033203} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported --------[ PCI Devices ]------------------------------------------------------------------------------------------------- [ Intel 82579LM Gigabit Network Connection ] Device Properties: Device Description Intel 82579LM Gigabit Network Connection Bus Type PCI Bus / Device / Function 0 / 25 / 0 Device ID 8086-1502 Subsystem ID 17AA-21CE Device Class 0200 (Ethernet Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Network Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/embedded Driver Download http://www.intel.com/support/network Driver Update http://www.aida64.com/driver-updates [ Intel Centrino Advanced-N 6205 AGN 2x2 HMC WiFi Adapter ] Device Properties: Device Description Intel Centrino Advanced-N 6205 AGN 2x2 HMC WiFi Adapter Bus Type PCI Express 1.0 x1 Bus / Device / Function 3 / 0 / 0 Device ID 8086-0085 Subsystem ID 8086-1311 Device Class 0280 (Network Controller) Revision 34 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - High Definition Audio Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-2] Bus Type PCI Express 1.0 Bus / Device / Function 0 / 27 / 0 Device ID 8086-1C20 Subsystem ID 17AA-21CE Device Class 0403 (High Definition Audio) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Bus Type PCI Bus / Device / Function 0 / 22 / 0 Device ID 8086-1C3A Subsystem ID 17AA-21CE Device Class 0780 (Communications Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 1 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 1 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 0 Device ID 8086-1C10 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 2 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 2 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 1 Device ID 8086-1C12 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 4 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 4 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 3 Device ID 8086-1C16 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - PCI Express Port 5 [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - PCI Express Port 5 [B-2] Bus Type PCI Bus / Device / Function 0 / 28 / 4 Device ID 8086-1C18 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision B4 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - SMBus Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - SMBus Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 3 Device ID 8086-1C22 Subsystem ID 17AA-21CE Device Class 0C05 (SMBus Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ Intel Cougar Point PCH - Thermal Management Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - Thermal Management Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 6 Device ID 8086-1C24 Subsystem ID 17AA-21CE Device Class 1180 (Data Acquisition / Signal Processing Controller) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 29 / 0 Device ID 8086-1C26 Subsystem ID 17AA-21CE Device Class 0C03 (USB2 EHCI Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] ] Device Properties: Device Description Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 26 / 0 Device ID 8086-1C2D Subsystem ID 17AA-21CE Device Class 0C03 (USB2 EHCI Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-2] ] Device Properties: Device Description Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 2 Device ID 8086-1C03 Subsystem ID 17AA-21CE Device Class 0106 (SATA Controller) Revision 04 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ Intel QM67 PCH - LPC Interface Controller [B-2] ] Device Properties: Device Description Intel QM67 PCH - LPC Interface Controller [B-2] Bus Type PCI Bus / Device / Function 0 / 31 / 0 Device ID 8086-1C4F Subsystem ID 17AA-21CE Device Class 0601 (PCI/ISA Bridge) Revision 04 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Sandy Bridge-MB - Host Bridge/DRAM Controller ] Device Properties: Device Description Intel Sandy Bridge-MB - Host Bridge/DRAM Controller Bus Type PCI Bus / Device / Function 0 / 0 / 0 Device ID 8086-0104 Subsystem ID 17AA-21CE Device Class 0600 (Host/PCI Bridge) Revision 09 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) ] Device Properties: Device Description Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) Bus Type PCI Bus / Device / Function 0 / 2 / 0 Device ID 8086-0116 Subsystem ID 17AA-21CE Device Class 0300 (VGA Display Controller) Revision 09 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Video Adapter Manufacturer: Company Name Intel Corporation Product Information http://www.intel.com/products/chipsets Driver Download http://support.intel.com/support/graphics Driver Update http://www.aida64.com/driver-updates --------[ USB Devices ]------------------------------------------------------------------------------------------------- [ Generic USB Hub ] Device Properties: Device Description Generic USB Hub Device ID 8087-0024 Device Class 09 / 00 (Hi-Speed Hub with single TT) Device Protocol 01 Supported USB Version 2.00 Current Speed High (USB 2.0) [ USB Composite Device (USB Gaming Mouse) ] Device Properties: Device Description USB Composite Device Device ID 046D-C042 Device Class 03 / 01 (Human Interface Device) Device Protocol 02 Manufacturer Logitech Product USB Gaming Mouse Supported USB Version 2.00 Current Speed Full (USB 1.1) [ ThinkPad Bluetooth 3.0 (Broadcom Bluetooth Device) ] Device Properties: Device Description ThinkPad Bluetooth 3.0 Device ID 0A5C-217F Device Class E0 / 01 (Bluetooth) Device Protocol 01 Manufacturer Broadcom Corp Product Broadcom Bluetooth Device Serial Number 402CF46B8A5A Supported USB Version 2.00 Current Speed Full (USB 1.1) [ Generic USB Hub ] Device Properties: Device Description Generic USB Hub Device ID 8087-0024 Device Class 09 / 00 (Hi-Speed Hub with single TT) Device Protocol 01 Supported USB Version 2.00 Current Speed High (USB 2.0) [ Microsoft Mouse and Keyboard Detection Driver (USB) (Microsoft® Nano Transceiver v1.0) ] Device Properties: Device Description Microsoft Mouse and Keyboard Detection Driver (USB) Device ID 045E-07B2 Device Class 03 / 01 (Human Interface Device) Device Protocol 01 Manufacturer Microsoft Product Microsoft® Nano Transceiver v1.0 Supported USB Version 2.00 Current Speed Full (USB 1.1) [ Integrated Smart Card Reader (Integrated Smart Card Reader) ] Device Properties: Device Description Integrated Smart Card Reader Device ID 17EF-1003 Device Class 0B / 00 (Smart Card) Device Protocol 00 Manufacturer Lenovo Product Integrated Smart Card Reader Supported USB Version 2.00 Current Speed Full (USB 1.1) --------[ Auto Start ]-------------------------------------------------------------------------------------------------- AcWin7Hlpr Registry\Common\Run C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe Bonus.SSR.FR12 Registry\Common\Run C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe /autorun BrStsMon00 Registry\Common\Run C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN CanonQuickMenu Registry\Common\Run C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon HotKeysCmds Registry\Common\Run C:\Windows\system32\hkcmd.exe IgfxTray Registry\Common\Run C:\Windows\system32\igfxtray.exe LENOVO.TPKNRRES Registry\Common\Run C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe Noxbit Tray Registry\Common\Run C:\Program Files\NoxBit\STM-Tray.exe Persistence Registry\Common\Run C:\Windows\system32\igfxpers.exe PWMTRV Registry\Common\Run rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor SunJavaUpdateSched Registry\Common\Run C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe --------[ Installed Programs ]------------------------------------------------------------------------------------------ µTorrent 3.5.3.44358 Unknown uTorrent BitTorrent Inc. ABBYY [ TRIAL VERSION ] Unknown ABBYY F [ TRIAL VERSION ] Ace St [ TRIAL VERSION ] 3.0.12 Unknown AceStre [ TRIAL VERSION ] Ace Stream Media Adbloc [ TRIAL VERSION ] 1.5 Unknown {0F347A [ TRIAL VERSION ] Eyeo GmbH 2016-09-29 Adbloc [ TRIAL VERSION ] 1.0 Unknown {1ce018 [ TRIAL VERSION ] Adobe [ TRIAL VERSION ] 18.0.0.199 Unknown {31B9D2 [ TRIAL VERSION ] Adobe Systems Incorporated 2015-09-08 Adobe [ TRIAL VERSION ] 29.0.0.113 Unknown Adobe F [ TRIAL VERSION ] Adobe Systems Incorporated AIDA64 [ TRIAL VERSION ] 5.70 Unknown AIDA64 [ TRIAL VERSION ] FinalWire Ltd. 2018-03-25 Anrits [ TRIAL VERSION ] 1.11.0000 Unknown Anritsu [ TRIAL VERSION ] Anritsu Company Ashamp [ TRIAL VERSION ] 15.0.1 Unknown {91B33C [ TRIAL VERSION ] Ashampoo GmbH & Co. KG 2015-01-30 Backup [ TRIAL VERSION ] 3.39.8370.7843 Unknown {AC62F3 [ TRIAL VERSION ] Google, Inc. 2018-02-15 Battle [ TRIAL VERSION ] Unknown Battle. [ TRIAL VERSION ] Blizzard Entertainment Brothe [ TRIAL VERSION ] 1.0.2.0 Unknown {75E38F [ TRIAL VERSION ] Brother Industries, Ltd. 2015-10-29 BTS Si [ TRIAL VERSION ] 1.0.0.0 Unknown BTS Sit [ TRIAL VERSION ] Nokia Solutions and Networks Mon Jan 08 13:11:47 EET 2018 Canon [ TRIAL VERSION ] 1.7.0.0 Unknown Easy-We [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] 4.2.0 Unknown CANONIJ [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] 7.7.1 Unknown Canon i [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] Unknown {1199FA [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] Unknown Canon i [ TRIAL VERSION ] ?Canon Inc. Canon [ TRIAL VERSION ] 3.2.1 Unknown CanonMy [ TRIAL VERSION ] Canon Inc. Canon [ TRIAL VERSION ] 2.4.0 Unknown CanonQu [ TRIAL VERSION ] Canon Inc. Cisco [ TRIAL VERSION ] Unknown ActiveT [ TRIAL VERSION ] Cisco WebEx LLC Conexa [ TRIAL VERSION ] 8.32.23.5 Unknown CNXT_AU [ TRIAL VERSION ] Conexant D3DX10 15.4.2368.0902 Unknown {E09C4DB7-630C-4F06-A631-8EA7239923AF} Microsoft 2014-12-23 DAEMON Tools Lite 4.49.1.0356 Unknown DAEMON Tools Lite Disc Soft Ltd Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{C6943CC4-79E1-4B29-BFF7-8C4049C7DF61} Microsoft Eltek Valere Smartpack VCP-USB to UART Bridge (Driver Removal) Unknown SLABCOMM&10C4&EA60 eParakstîtâjs 3.0 [latvian (latvia)] 1.0.1 Unknown {D9DEFAE2-7B2C-46F1-B55C-1AFB16E7F033} EUSO 2014-12-23 Foxit PhantomPDF Business 7.0.3.916 Unknown {E9AA5BDC-7DFA-4CB8-96B5-F545F20EBFDB} Foxit Software Inc. 2015-01-30 Google Chrome 65.0.3325.181 Unknown Google Chrome Google Inc. 2015-09-09 Google Earth Pro 7.3.1.4507 Unknown {D9EF644E-2FAE-493B-8180-5617CC774C4F} Google 2018-02-10 Google Update Helper 1.3.33.7 Unknown {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} Google Inc. 2017-11-13 Hearthstone Unknown Hearthstone Blizzard Entertainment Heroes of the Storm Unknown Heroes of the Storm Blizzard Entertainment HWiNFO64 Version 5.74 5.74 Unknown HWiNFO64_is1 Martin Malík - REALiX 2018-03-25 ICeT 14.3.0.139 Unknown {B627F2A6-3FFC-4B39-80C5-08C134589744} Alcatel-Lucent 2015-10-04 Inkscape 0.48.4 0.48.4 Unknown Inkscape Intel(R) Control Center 1.2.1.1011 Unknown {F8A9085D-4C7A-41a9-8A77-C8998A96C421} Intel Corporation Intel(R) Identity Protection Technology 1.2.32.0 1.2.32.0 Unknown {2D793E41-F598-1014-9984-F3B169A93F79} Intel Corporation 2015-09-08 Intel(R) Management Engine Components 7.1.80.1211 Unknown {65153EA5-8B6E-43B6-857B-C6E4FC25798A} Intel Corporation Intel(R) Network Connections 20.2.3001.0 20.2.3001.0 Unknown PROSetDX Intel 2015-10-06 Intel(R) PRO/Wireless Driver 17.13.4011.2118 Unknown {021da516-b5d9-40cd-9ade-6427d40fe1e4} Intel Corporation 2015-09-08 Intel(R) Processor Graphics 9.17.10.4229 Unknown {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} Intel Corporation Intel(R) SDK for OpenCL - CPU Only Runtime Package 2.0.0.37149 Unknown {FCB3772C-B7D0-4933-B1A9-3707EBACC573} Intel Corporation Intel(R) Update Manager 1.6.3.70 Unknown {78091D68-706D-4893-B287-9F1DFB24F7AF} Intel Corporation 2015-09-08 Intel(R) WiDi [latvian (latvia)] 4.2.24.0 Unknown {F949AE30-83D1-41B2-92D2-F44478DD058A} Intel Corporation 2015-09-08 Intel® PROSet/Wireless Software 17.13.11 Unknown {a9888f41-68ae-43df-bd7d-d93405a44106} Intel Corporation Intel® PROSet/Wireless WiFi Software 17.13.11.0468 Unknown {AAE0AC3F-17BF-48CD-96CE-4F19169E94B0} Intel Corporation 2015-09-08 Java 8 Update 161 8.0.1610.12 Unknown {26A24AE4-039D-4CA4-87B4-2F32180161F0} Oracle Corporation 2018-01-21 Java Auto Updater 2.8.161.12 Unknown {4A03706F-666A-4037-7777-5F2748764D10} Oracle Corporation 2018-01-21 Junk Mail filter update 16.4.3528.0331 Unknown {0BE9E708-5DC0-4963-9CFD-0AA519090E79} Microsoft Corporation 2014-12-23 Kaspersky Free 18.0.0.405 Unknown {5AAE61FF-858E-453E-B8F3-944618149975} Kaspersky Lab 2018-03-13 K-Lite Mega Codec Pack 10.6.5 10.6.5 Unknown KLiteCodecPack_is1 2014-12-23 Latvian (Apostrofs v0.3; komats) 1.0.3.40 Unknown {4876620D-206A-49CD-932B-9BFBED83D55D} laacz unltd 2014-12-23 Lenovo Patch Utility 64 bit 1.3.0.9 Unknown {0369F866-2CE0-4EB9-B426-88FA122C6E82} Lenovo Group Limited 2015-09-08 Lenovo Power Management Driver 1.67.12.23 Unknown Power Management Driver Lenovo Lenovo Solution Center 3.3.003.00 Unknown {C1FC707B-AE6B-4DC4-89A5-6628A01F8103} Lenovo 2016-07-19 Lenovo System Interface Driver 1.05 Unknown LENOVO.SMIIF Lenovo System Update 5.07.0053 Unknown {25C64847-B900-48AD-A164-1B4F9B774650} Lenovo 2017-05-16 Line Sweep Tools 1.64.0000 Unknown Line Sweep Tools Anritsu Company Local OMT R49H 1.49.8 Unknown {40a20a4c-71b9-4cbf-a5b7-12003cc77f6f} Ericsson AB 2018-01-08 Master Software Tools 2.34.0000 Unknown Master Software Tools Anritsu Company Metric Collection SDK 1.1.0005.00 Unknown {DDAA788F-52E6-44EA-ADB8-92837B11BF26} Lenovo Group Limited 2015-10-16 Microsoft .NET Framework 4.7 4.7.02053 Unknown {BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB} Microsoft Corporation 2017-10-17 Microsoft Application Error Reporting 12.0.6015.5000 Unknown {95120000-00B9-0409-1000-0000000FF1CE} Microsoft Corporation 2014-12-23 Microsoft Office Excel MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0016-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office IME (Chinese (Simplified)) 2010 [chinese (simplified, prc)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0028-0804-1000-0000000FF1CE} Microsoft Corporation 2015-11-13 Microsoft Office IME (Chinese (Traditional)) 2010 [chinese (traditional, taiwan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0028-0404-1000-0000000FF1CE} Microsoft Corporation 2015-11-13 Microsoft Office IME (Japanese) 2010 [japanese (japan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0028-0411-1000-0000000FF1CE} Microsoft Corporation 2015-11-13 Microsoft Office IME (Korean) 2010 [korean (korea)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0028-0412-1000-0000000FF1CE} Microsoft Corporation 2015-11-13 Microsoft Office Office 64-bit Components 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-002A-0000-1000-0000000FF1CE} Microsoft Corporation 2016-08-10 Microsoft Office OneNote MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-00A1-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Outlook MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001A-0409-0000-0000000FF1CE} Microsoft Corporation 2017-07-29 Microsoft Office PowerPoint MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0018-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Arabic) 2010 [arabic (saudi arabia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0401-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Basque) 2010 [basque (basque)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-042D-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Bulgarian) 2010 [bulgarian (bulgaria)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0402-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Catalan) 2010 [catalan (catalan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0403-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Chinese (Simplified)) 2010 [chinese (simplified, prc)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0804-0000-0000000FF1CE} Microsoft Corporation 2015-10-24 Microsoft Office Proof (Chinese (Traditional)) 2010 [chinese (traditional, taiwan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0404-0000-0000000FF1CE} Microsoft Corporation 2015-10-24 Microsoft Office Proof (Croatian) 2010 [croatian (croatia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-041A-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Czech) 2010 [czech (czech republic)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0405-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Danish) 2010 [danish (denmark)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0406-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Dutch) 2010 [dutch (netherlands)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0413-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0409-0000-0000000FF1CE} Microsoft Corporation 2015-10-24 Microsoft Office Proof (Estonian) 2010 [estonian (estonia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0425-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Finnish) 2010 [finnish (finland)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-040B-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (French) 2010 [french (france)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-040C-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Galician) 2010 [galician (galician)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0456-0000-0000000FF1CE} Microsoft Corporation 2017-07-11 Microsoft Office Proof (German) 2010 [german (germany)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0407-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Greek) 2010 [greek (greece)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0408-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Gujarati) 2010 [gujarati (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0447-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Hebrew) 2010 [hebrew (israel)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-040D-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Hindi) 2010 [hindi (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0439-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Hungarian) 2010 [hungarian (hungary)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-040E-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Italian) 2010 [italian (italy)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0410-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Japanese) 2010 [japanese (japan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0411-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Kannada) 2010 [kannada (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-044B-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Kazakh) 2010 [kazakh (kazakhstan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-043F-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Korean) 2010 [korean (korea)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0412-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Latvian) 2010 [latvian (latvia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0426-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Lithuanian) 2010 [lithuanian (lithuania)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0427-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Marathi) 2010 [marathi (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-044E-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Norwegian (Bokmål)) 2010 [norwegian, bokmål (norway)] 14.0.4999.1028 Unknown {90140000-001F-0414-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Norwegian (Nynorsk)) 2010 [norwegian, nynorsk (norway)] 14.0.4999.1028 Unknown {90140000-001F-0814-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Polish) 2010 [polish (poland)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0415-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Portuguese (Brazil)) 2010 [portuguese (brazil)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0416-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Portuguese (Portugal)) 2010 [portuguese (portugal)] 14.0.4999.1028 Unknown {90140000-001F-0816-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Punjabi) 2010 [punjabi (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0446-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Romanian) 2010 [romanian (romania)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0418-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Russian) 2010 [russian (russia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0419-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Serbian (Latin)) 2010 [serbian (latin, serbia and montenegro (former))] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-081A-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Slovak) 2010 [slovak (slovakia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-041B-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Slovenian) 2010 [slovenian (slovenia)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0424-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Spanish) 2010 [spanish (spain, international sort)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0C0A-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Swedish) 2010 [swedish (sweden)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-041D-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Tamil) 2010 [tamil (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0449-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Telugu) 2010 [telugu (india)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-044A-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Thai) 2010 [thai (thailand)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-041E-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Turkish) 2010 [turkish (turkey)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-041F-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Ukrainian) 2010 [ukrainian (ukraine)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0422-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proof (Urdu) 2010 [urdu (islamic republic of pakistan)] 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001F-0420-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proofing (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-002C-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Proofing Kit 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-004B-0000-0000-0000000FF1CE} Microsoft Corporation 2017-10-15 Microsoft Office Proofing Tools Kit Compilation 2010 14.0.7015.1000 - Office 2010 SP2 Unknown Office14.PROOFKIT Microsoft Corporation Microsoft Office ProofMUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-004A-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Publisher MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0019-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Shared 64-bit MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-002A-0409-1000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0116-0409-1000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Shared MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-006E-0409-0000-0000000FF1CE} Microsoft Corporation 2017-11-29 Microsoft Office Shared Setup Metadata MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0115-0409-0000-0000000FF1CE} Microsoft Corporation 2015-09-08 Microsoft Office Standard 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-0012-0000-0000-0000000FF1CE} Microsoft Corporation 2017-11-15 Microsoft Office Word MUI (English) 2010 14.0.7015.1000 - Office 2010 SP2 Unknown {90140000-001B-0409-0000-0000000FF1CE} Microsoft Corporation 2015-11-13 Microsoft OneDrive 18.025.0204.0009 Unknown OneDriveSetup.exe Microsoft Corporation Microsoft Silverlight 5.1.50907.0 Unknown {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Corporation 2017-06-13 Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 Unknown {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Corporation 2014-12-23 Microsoft Visual C++ 2005 Redistributable 8.0.61001 Unknown {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Corporation 2018-01-08 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729 Unknown {8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Unknown {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 Unknown {9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 Unknown {9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 10.0.40219 Unknown {1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 Unknown {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Corporation 2015-09-08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0 Unknown {ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} Microsoft Corporation Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 11.0.61030 Unknown {37B8F9C7-03FB-3253-8781-2517C99D7C00} Microsoft Corporation 2015-11-15 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 11.0.61030 Unknown {CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} Microsoft Corporation 2015-11-15 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 10.0.50903 Unknown Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 10.0.50908 Unknown {9495AEB4-AB97-39DE-8C42-806EEF75ECA7} Microsoft Corporation 2015-09-08 Movie Maker [english] 16.4.3528.0331 Unknown {38F03569-A636-4CF3-BDDE-032C8C251304} Microsoft Corporation 2014-12-23 Movie Maker 16.4.3528.0331 Unknown {DD67BE4B-7E62-4215-AFA3-F123A800A389} Microsoft Corporation 2014-12-23 MSVCRT_amd64 15.4.2862.0708 Unknown {D0B44725-3666-492D-BEF6-587A14BD9BD9} Microsoft 2014-12-23 MSVCRT 15.4.2862.0708 Unknown {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Microsoft 2014-12-23 MSVCRT110_amd64 16.4.1109.0912 Unknown {E9FA781F-3E80-4399-825A-AD3E11C28C77} Microsoft 2014-12-23 MSVCRT110 16.4.1108.0727 Unknown {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} Microsoft 2014-12-23 MSXML 4.0 SP3 Parser (KB2758694) 4.30.2117.0 Unknown {1D95BA90-F4F8-47EC-A882-441C99D30C1E} Microsoft Corporation 2016-07-19 National Instruments Software Unknown NI Uninstaller National Instruments NEM.LR14.1_D1.29 Unknown NEM.LR14.1_D1.29 NI Authentication 12.0.0 (64-bit) [english] 12.0.367.0 Unknown {B618335B-11D2-4780-B5CE-AA2D111DB693} National Instruments 2015-10-04 NI Authentication 12.0.0 [english] 12.0.367.0 Unknown {E9592CCE-3058-4308-B52A-5AEA08E54F13} National Instruments 2015-10-04 NI Certificates Deployment Support 1.03.49152 Unknown {44ABC0C0-CB66-4120-BBA5-70514745109F} National Instruments 2015-10-04 NI Curl 12.0.0 (64-bit) [english] 12.0.412.0 Unknown {AFE7987B-E282-42CE-AD5A-E333BE31E204} National Instruments 2015-10-04 NI Curl 12.0.0 [english] 12.0.412.0 Unknown {59DA8C21-C667-47D0-A259-AA942C9A9717} National Instruments 2015-10-04 NI EulaDepot 3.11.177 Unknown {FC873C51-B261-4157-9A03-2D11DCA928D9} National Instruments 2015-10-04 NI GMP Windows 32-bit Installer 12.0.0 [english] 12.0.46.0 Unknown {EAC44648-E378-45C7-BEF3-3DD68980E465} National Instruments 2015-10-04 NI GMP Windows 64-bit Installer 12.0.0 [english] 12.0.46.0 Unknown {00606A59-716C-484A-AE64-5F7E3F23B3BD} National Instruments 2015-10-04 NI Launcher 3.11.177 Unknown {AD84FDA0-D0F3-43EA-80CA-E44AED4CB059} National Instruments 2015-10-04 NI Logos 5.2.0 [english] 5.2.25.0 Unknown {01CF3725-EE33-4308-BBF9-90BF6AC43814} National Instruments 2015-10-04 NI Logos XT Support [english] 5.2.21.0 Unknown {A27F9884-D0F7-4788-B016-CC55FA3015D3} National Instruments 2015-10-04 NI Logos64 5.2.0 [english] 5.2.25.0 Unknown {F7B62B13-5E47-4511-B317-4F9FBA627BA6} National Instruments 2015-10-04 NI Logos64 XT Support [english] 5.2.21.0 Unknown {48F51087-D7F3-44A9-AB97-4C13C4BB1090} National Instruments 2015-10-04 NI MDF Support 3.11.177 Unknown {A81546E8-8B01-49D8-B81F-2EB259229095} National Instruments 2015-10-04 NI mDNS Responder 2.1 for Windows 64-bit 2.10.49152 Unknown {4DD08E99-6FC1-4188-9A2E-0AF968279E41} National Instruments 2015-10-04 NI mDNS Responder 2.1.0 2.10.49152 Unknown {6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24} National Instruments 2015-10-04 NI SSL Support (64-bit) [english] 12.0.408.0 Unknown {ACA45A9D-5C68-429F-AE87-0F2917136FCC} National Instruments 2015-10-04 NI SSL Support [english] 12.0.408.0 Unknown {526FED3E-499E-4989-B9F9-207E2FE425AA} National Instruments 2015-10-04 NI System State Publisher (64-bit) [english] 12.0.218.0 Unknown {197B80EB-D791-4DA4-9398-B5F029738E22} National Instruments 2015-10-04 NI System State Publisher [english] 12.0.358.0 Unknown {AED17FC7-86C3-47BE-84F9-9F078F522770} National Instruments 2015-10-04 NI System Web Server 12.0 [english] 12.0.414.0 Unknown {570AFAC0-96B1-4491-B24B-6D251C52AFA4} National Instruments 2015-10-04 NI System Web Server Base 12.0.0 (64-bit) [english] 12.0.407.0 Unknown {9C10623C-BF56-4D66-8F1F-B2D667E44986} National Instruments 2015-10-04 NI System Web Server Base 12.0.0 [english] 12.0.407.0 Unknown {C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C} National Instruments 2015-10-04 NI Trace Engine (64-bit) [english] 12.0.401.0 Unknown {BD432073-6A5D-4F0F-8952-43B3C21A31C3} National Instruments 2015-10-04 NI Trace Engine [english] 12.0.401.0 Unknown {4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7} National Instruments 2015-10-04 NI Uninstaller 3.11.177 Unknown {5C11CD91-D671-4CEA-BCE2-E4ADD3497CCB} National Instruments 2015-10-04 NI VC2008MSMs x64 9.0.401 Unknown {07E00E94-7A78-40FA-9BEF-71C190E98041} National Instruments 2015-10-04 NI VC2008MSMs x86 9.0.401 Unknown {E84997A1-4D6F-4C0B-B60D-F85B360D2666} National Instruments 2015-10-04 NI Web Application Server 12.0 (64-bit) [english] 12.0.422.0 Unknown {3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB} National Instruments 2015-10-04 NI Web Application Server 12.0 [english] 12.0.422.0 Unknown {036C09F0-1423-4097-9720-D9E034CFF50A} National Instruments 2015-10-04 NI Xerces Delay Load 2.7.3 [english] 2.7.180.0 Unknown {E6068691-1FBC-4EF0-87E8-609CDB32038A} National Instruments 2015-10-04 NI Xerces Delay Load 2.7.3 64-bit [english] 2.7.190.0 Unknown {50B2D9D8-87B6-49EE-BC5C-874119FD6B7B} National Instruments 2015-10-04 NI-ORB 1.10.0f0 for 64 Bit Windows [english] 1.100.49152 Unknown {AF4525BB-39AE-4D9F-AE66-0D70E20DDBB0} National Instruments 2015-10-04 NI-ORB 1.10.0f0 1.100.49152 Unknown {18493A5A-1D24-4A71-BBD3-67348B68C3B1} National Instruments 2015-10-04 NI-PAL 2.9.1 64-Bit Error Files [english] 2.91.49152 Unknown {B8A07D12-1F88-499B-86A7-F9597D4C37F8} National Instruments 2015-10-04 NI-PAL 2.9.1 Error Files [english] 2.91.49152 Unknown {6F3933B2-DA98-43EF-950E-CF2373918A12} National Instruments 2015-10-04 NI-PAL 2.9.1f0 for 64 Bit Windows [english] 10.101.49152 Unknown {86DFA469-CA55-49E1-87A1-6B56AAB7D3C8} National Instruments 2015-10-04 NI-PAL 2.9.1f0 10.101.49152 Unknown {D0D82E7B-8456-4FE7-A09C-0B3A49C2A4C5} National Instruments 2015-10-04 NI-RPC 4.3.0f0 for 64 Bit Windows [english] 4.30.49152 Unknown {774510C7-E6AC-4ECB-ACEF-D5284FED4D0A} National Instruments 2015-10-04 NI-RPC 4.3.0f0 4.30.49152 Unknown {97A47220-6DF7-45A5-A766-59EF36E1F600} National Instruments 2015-10-04 NI-VISA Runtime 5.3.0 [english] 5.30.49152 Unknown {A0BAFCDF-D740-4715-9365-182790AB79D5} National Instruments 2015-10-04 NI-VISA x64 support 5.3.0 [english] 5.30.49152 Unknown {2A258880-6EB1-4F30-81E5-6B42B0A43F7A} National Instruments 2015-10-04 NoxBit Unknown {B4F34ABD-3329-4F24-9B0A-23E58A682418}_is1 NoxBit 2017-11-16 On Screen Display 6.73.01 Unknown OnScreenDisplay Photo Common [english] 16.4.3528.0331 Unknown {CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623} Microsoft Corporation 2014-12-23 Photo Gallery [english] 16.4.3528.0331 Unknown {C992FFE0-AC32-4FA9-BC9A-F1637B9E655D} Microsoft Corporation 2014-12-23 Photo Gallery 16.4.3528.0331 Unknown {07AAB66E-4718-422D-9218-4AFB3C922A71} Microsoft Corporation 2014-12-23 Power Manager 6.68.10 Unknown {DAC01CEE-5BAE-42D5-81FC-B687E84E8405} Lenovo Group Limited PowerSuite 3.5 3.5.0 Unknown {458378D0-44D8-4063-BFCA-F3383BA45E5F} Eltek 2017-10-11 RICOH_Media_Driver_v2.14.18.01 [english] 2.14.18.01 Unknown {FE041B02-234C-4AAA-9511-80DF6482A458} RICOH 2015-09-08 Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4B82C77F-CBFA-453C-954C-4CAB38983464} Microsoft Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition Unknown {90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{B3F75577-16EF-48AA-9259-2AF290C973FD} Microsoft Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition Unknown {90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{473DA037-A808-4DF4-9F37-548928C3CDA1} Microsoft Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition Unknown {90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{2409052F-45F0-4B29-AA79-0B5B44E37384} Microsoft Security Update for Microsoft Office 2010 (KB2837599) 32-Bit Edition Unknown {90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{E2CC7ED8-B1CD-468E-9277-5D6507FA9BC7} Microsoft Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662} Microsoft Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Unknown {90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{E2251F45-3C00-4742-820B-60B605961007} Microsoft Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5EE42B42-1159-435C-898A-2A3298453B20} Microsoft Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{433890E5-7858-4D14-8FD3-CCD28015472F} Microsoft Security Update for Microsoft Office 2010 (KB2899516) 32-Bit Edition Unknown {90140000-0028-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{16268893-9D02-4AB3-B353-1A594FE61F50} Microsoft Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{0567725C-77BA-47C1-BE23-FFC218C8F953} Microsoft Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Unknown {90140000-001F-0426-0000-0000000FF1CE}_Office14.PROOFKIT_{E885B6CA-30E0-4DFF-B6DF-4DA989634D77} Microsoft Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{7D8AB432-0662-4DC9-8C37-5BA7541153C9} Microsoft Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9429D223-4B64-4038-B63D-3F239216F6E5} Microsoft Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B6BB5C05-372B-48FE-8348-D3ED54EF172B} Microsoft Security Update for Microsoft Office 2010 (KB3118389) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{350F12B5-B76D-4723-8D04-6BE4F483BF5A} Microsoft Security Update for Microsoft Office 2010 (KB3191908) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{D196C74E-1419-4DC9-981F-45B6A6504D69} Microsoft Security Update for Microsoft Office 2010 (KB3203468) 32-Bit Edition Unknown {90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{66202CA7-2EEC-4E3B-85CA-FE94C4ED2062} Microsoft Security Update for Microsoft Office 2010 (KB3213626) 32-Bit Edition Unknown {90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{01D38795-AC70-4381-9A39-9B583A18B101} Microsoft Security Update for Microsoft Office 2010 (KB3213631) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5553566A-EC2B-4B4C-9576-8A46B0629BE0} Microsoft Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition Unknown {90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{2039A039-5173-49E9-B48D-55ACC3E79259} Microsoft Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition Unknown {90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{67E31350-8E55-4143-9F7A-4E703B49FD45} Microsoft Security Update for Microsoft Outlook 2010 (KB2956078) 32-Bit Edition Unknown {90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6DE885AE-8E0F-4FEA-8AA2-77D455F8A6AA} Microsoft Security Update for Microsoft Outlook 2010 (KB4011196) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F3A4D183-930A-45E6-A621-7E07F0CE142A} Microsoft Security Update for Microsoft PowerPoint 2010 (KB3128027) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{57910112-5EA8-491D-AFDD-7E1ECD8D0697} Microsoft Security Update for Microsoft Publisher 2010 (KB3141537) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{28AC2FD6-273C-44A5-BB15-C01BF2924A99} Microsoft Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition Unknown {90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{102FADF9-3B36-4EAB-A272-BF6E539223F8} Microsoft Security Update for Microsoft Word 2010 (KB4011270) 32-Bit Edition Unknown {90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{8849DBAB-E02F-4A7E-8951-D62A3B686846} Microsoft Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Unknown {90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4} Microsoft Skype™ 7.30 7.30.105 Unknown {FC965A47-4839-40CA-B618-18F486F042C6} Skype Technologies S.A. 2017-01-01 TeamViewer 12 12.0.71503 Unknown TeamViewer TeamViewer ThinkPad Bluetooth with Enhanced Data Rate Software 6.5.1.4500 Unknown {A1439D4F-FD46-47F2-A1D3-FEE097C29A09} Broadcom Corporation 2015-09-08 ThinkPad FullScreen Magnifier 2.42 Unknown ThinkPad FullScreen Magnifier ThinkPad UltraNav Driver 16.2.19.14 Unknown SynTPDeinstKey ThinkPad UltraNav Utility [english] 2.13.0 Unknown {17CBC505-D1AE-459D-B445-3D2000A85842} Lenovo 2015-09-08 ThinkVantage Access Connections 6.26.85 Unknown {8E537894-A559-4D60-B3CB-F4485E3D24E3} Lenovo 2016-07-19 ThinkVantage Communications Utility 2.11.0.0 Unknown {88C6A6D9-324C-46E8-BA87-563D14021442}_is1 Lenovo 2015-09-08 Total Commander 64-bit (Remove or Repair) 9.12 Unknown Totalcmd64 Ghisler Software GmbH Update [ TRIAL VERSION ] 1 Unknown {92FB6C [ TRIAL VERSION ] Microsoft Corporation Update [ TRIAL VERSION ] 1 Unknown {92FB6C [ TRIAL VERSION ] Microsoft Corporation Update [ TRIAL VERSION ] 1 Unknown {92FB6C [ TRIAL VERSION ] Microsoft Corporation Update [ TRIAL VERSION ] 1 Unknown {92FB6C [ TRIAL VERSION ] Microsoft Corporation Update [ TRIAL VERSION ] 1 Unknown {92FB6C [ TRIAL VERSION ] Microsoft Corporation Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft Update [ TRIAL VERSION ] Unknown {901400 [ TRIAL VERSION ] Microsoft VISA S [ TRIAL VERSION ] 1.5.0 Unknown {0F16C9 [ TRIAL VERSION ] IVI Foundation 2015-10-04 VISA S [ TRIAL VERSION ] 1.5 Unknown VISASha [ TRIAL VERSION ] IVI Foundation WinDjV [ TRIAL VERSION ] 2.0.2 Unknown WinDjVi [ TRIAL VERSION ] Andrew Zhezherun Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {41C613 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {66B581 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 7.250.4311.0 Unknown {CE5267 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {659CB8 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {BAD27F [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {B775C2 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {250583 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {1D6432 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {B2611F [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {D18930 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {CDC1AB [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {6522F5 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {00F9DB [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {0F9747 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 Window [ TRIAL VERSION ] 16.4.3528.0331 Unknown {714E16 [ TRIAL VERSION ] Microsoft Corporation 2014-12-23 WinRAR [ TRIAL VERSION ] 5.01.0 Unknown WinRAR [ TRIAL VERSION ] win.rar GmbH World [ TRIAL VERSION ] Unknown {B051D7 [ TRIAL VERSION ] Wargaming.net 2018-03-25 World [ TRIAL VERSION ] Unknown {1EAC1D [ TRIAL VERSION ] Wargaming.net 2015-09-30 WoT Co [ TRIAL VERSION ] 1.0 Unknown {A67F95 [ TRIAL VERSION ] 2018-03-25 XVM, ?????? 7.0.3 7.0.3 Unknown {2865cd27-6b8b-4413-8272-cd968f316050}_is1 XVM team 2017-10-15 --------[ Windows Security ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Professional OS Service Pack [ TRIAL VERSION ] Winlogon Shell explorer.exe User Account Control (UAC) Enabled UAC Remote Restrictions Enabled System Restore Enabled Windows Update Agent 7.6.7601.23806 (win7sp1_ldr.170510-0600) Data Execution Prevention (DEP, NX, EDB): Supported by Operating System Yes Supported by CPU Yes Active (To Protect Applications) Yes Active (To Protect Drivers) Yes --------[ Windows Update ]---------------------------------------------------------------------------------------------- (Automatic Update) Download:Notify, Install:Notify 2017-05 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019265) Update 11.06.2017 2017-06 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022168) Update 28.06.2017 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719) Update 13.06.2017 2017-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4025341) Update 11.07.2017 2017-08 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4034670) Update 23.08.2017 2017-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4034664) Update 08.08.2017 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083) Update 15.10.2017 2017-10 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4041686) Update 17.10.2017 2017-10 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4042076) Update 17.10.2017 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766) Update 15.10.2017 2017-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4041681) Update 15.10.2017 2017-11 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4051034) Update 28.11.2017 2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957) Update 15.11.2017 August, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4035036) Update 23.08.2017 Conexant - Audio - Conexant 20672 SmartAudio HD Update 08.09.2015 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986) Update 23.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2976627) Update 23.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3008923) Update 23.12.2014 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3078071) Update 08.09.2015 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3100773) Update 13.11.2015 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3170106) Update 19.07.2016 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3175443) Update 10.08.2016 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3185319) Update 14.09.2016 December, 2016 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB3205402) Update 14.12.2016 December, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3207752) Update 14.12.2016 Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition Update 30.01.2015 Definition Update for Microsoft Office 2010 (KB3054979) 32-Bit Edition Update 08.09.2015 Definition Update for Microsoft Office 2010 (KB3085607) 32-Bit Edition Update 24.10.2015 Definition Update for Microsoft Office 2010 (KB3101540) 32-Bit Edition Update 13.11.2015 Definition Update for Microsoft Office 2010 (KB3115321) 32-Bit Edition Update 19.07.2016 Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition Update 17.08.2016 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Update 30.01.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.1886.0) Update 08.09.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.1918.0) Update 09.09.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.1367.0) Update 30.09.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.1594.0) Update 01.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.1706.0) Update 02.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.1925.0) Update 04.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2059.0) Update 05.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2155.0) Update 06.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2389.0) Update 08.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2527.0) Update 09.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2752.0) Update 11.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.2906.0) Update 12.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.3078.0) Update 14.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.3196.0) Update 15.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.3445.0) Update 17.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.3553.0) Update 18.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.207.3664.0) Update 19.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.1172.0) Update 31.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.1337.0) Update 02.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.1491.0) Update 04.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.1621.0) Update 05.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.1862.0) Update 06.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2038.0) Update 08.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2169.0) Update 09.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2324.0) Update 10.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2591.0) Update 12.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2720.0) Update 13.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.2933.0) Update 15.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.3093.0) Update 16.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.3251.0) Update 17.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.379.0) Update 24.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.61.0) Update 21.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.673.0) Update 27.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.846.0) Update 29.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.209.968.0) Update 30.10.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1170.0) Update 28.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1280.0) Update 29.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1621.0) Update 02.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1747.0) Update 04.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.176.0) Update 19.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1889.0) Update 05.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.1973.0) Update 06.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.2615.0) Update 13.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.303.0) Update 20.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.303.0) Update 20.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.517.0) Update 22.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.748.0) Update 24.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.211.990.0) Update 26.11.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.213.1001.0) Update 25.12.2015 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.213.4990.0) Update 30.01.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.213.5162.0) Update 02.02.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.217.1832.0) Update 21.04.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.219.1090.0) Update 07.05.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.219.58.0) Update 27.04.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.152.0) Update 29.05.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.531.0) Update 02.06.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.1883.0) Update 19.07.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.1900.0) Update 19.07.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.1925.0) Update 19.07.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.2054.0) Update 21.07.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.2867.0) Update 01.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.2931.0) Update 02.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.3090.0) Update 04.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.3424.0) Update 08.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.3649.0) Update 11.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.3703.0) Update 12.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.3963.0) Update 15.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.4128.0) Update 17.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1079.0) Update 30.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1179.0) Update 31.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1203.0) Update 31.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1341.0) Update 01.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.150.0) Update 19.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1784.0) Update 07.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1929.0) Update 09.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2150.0) Update 12.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2229.0) Update 13.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2280.0) Update 14.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2420.0) Update 16.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2640.0) Update 19.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2644.0) Update 19.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2810.0) Update 21.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2846.0) Update 22.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.2909.0) Update 22.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.328.0) Update 22.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.408.0) Update 23.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.623.0) Update 25.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.726.0) Update 26.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.931.0) Update 28.08.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1001.0) Update 06.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1147.0) Update 08.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1251.0) Update 09.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1407.0) Update 11.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.151.0) Update 24.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1550.0) Update 12.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1669.0) Update 14.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1736.0) Update 15.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1769.0) Update 15.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1771.0) Update 15.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1783.0) Update 15.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1788.0) Update 15.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1821.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1827.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1831.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1834.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1836.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1848.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1851.0) Update 16.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1880.0) Update 17.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1907.0) Update 17.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1916.0) Update 17.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1981.0) Update 18.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1992.0) Update 18.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1997.0) Update 18.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.2042.0) Update 19.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.2048.0) Update 19.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.2054.0) Update 19.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.2076.0) Update 19.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.232.0) Update 26.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.35.0) Update 23.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.362.0) Update 27.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.465.0) Update 29.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.545.0) Update 30.09.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.645.0) Update 01.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.781.0) Update 03.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.856.0) Update 04.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.107.0) Update 21.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.111.0) Update 21.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.117.0) Update 21.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.123.0) Update 21.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.137.0) Update 21.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.179.0) Update 22.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.192.0) Update 22.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.195.0) Update 22.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.201.0) Update 22.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.31.0) Update 20.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.44.0) Update 20.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.50.0) Update 20.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.61.0) Update 20.10.2016 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.231.66.0) Update 20.10.2016 Definition Update for Windows Defender - KB915597 (Definition 1.257.1202.0) Update 01.12.2017 Hotfix for Windows (KB2397190) Update 08.09.2015 Hotfix for Windows (KB2661796) Update 08.09.2015 Intel - LAN - Intel(R) 82579LM Gigabit Network Connection Update 24.10.2015 Intel - LAN, LAN (Server) - Intel(R) 82579LM Gigabit Network Connection Update 08.09.2015 INTEL - System - 10/3/2016 12:00:00 AM - 10.1.1.38 Update 28.12.2016 INTEL - System - 10/3/2016 12:00:00 AM - 10.1.1.38 Update 28.12.2016 INTEL - System - 8/19/2016 12:00:00 AM - 10.1.2.80 Update 20.12.2016 INTEL - USB - 10/3/2016 12:00:00 AM - 10.1.1.38 Update 28.12.2016 INTEL - USB - 8/19/2016 12:00:00 AM - 10.1.2.80 Update 20.12.2016 Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2 - Intel(R) HD Graphics 3000 Update 19.07.2016 July, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4032113) Update 25.07.2017 Lenovo - Input - Integrated Smart Card Reader Update 08.09.2015 Lenovo - LCD, Other hardware - LCD 1366x768 Update 14.09.2016 Lenovo - LCD, Other hardware - LCD 1366x768 Update 08.09.2015 Lenovo - LCD, Other hardware - LCD 1366x768 Update 19.07.2016 Lenovo - Other hardware - Lenovo PM Device Update 08.09.2015 Lenovo - Other hardware - Lenovo PM Device Update 19.07.2016 Lenovo - Other hardware - Lenovo PM Device Update 06.11.2016 Lenovo - Other hardware - Lenovo PM Device Update 26.10.2016 Lenovo - Other hardware - Lenovo PM Device Update 14.09.2016 Lenovo - System - 2/15/2017 12:00:00 AM - 1.67.12.23 Update 11.06.2017 Lenovo - System - 7/31/2017 12:00:00 AM - 1.67.13.12 Update 15.10.2017 May, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Server 2008 R2 for x64 (KB4019288) Update 11.06.2017 May, 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Server 2008 R2 for x64 (KB4019112) Update 11.06.2017 Microsoft - Keyboard - Microsoft Hardware USB Keyboard Update 24.10.2015 Microsoft - Keyboard - Microsoft Hardware USB Keyboard Update 10.08.2016 Microsoft - Keyboard - Wireless Device Update 11.08.2016 Microsoft - Keyboard - Wireless Keyboard Filter Device Update 10.08.2016 Microsoft - Pointing Drawing - Microsoft Hardware USB Mouse Update 24.10.2015 Microsoft - Pointing Drawing - Microsoft Hardware USB Mouse Update 10.08.2016 Microsoft .NET Framework 4.6.1 for Windows 7 for x64 (KB3102433) Update 19.07.2016 Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 for x64 (KB3186497) Update 13.06.2017 Microsoft Security Essentials - 4.8.204.0 (KB3063822) Update 08.09.2015 Microsoft Silverlight (KB2977218) Update 23.12.2014 November, 2016 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3197869) Update 19.11.2016 November, 2016 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3196686) Update 19.11.2016 November, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ( (KB3197868) Update 09.11.2016 October, 2016 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3192403) Update 26.10.2016 October, 2016 Security and Quality Rollup for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3188740) Update 12.10.2016 October, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3185330) Update 12.10.2016 Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Server 2008 R2 for x64 (KB3179930) Update 28.09.2016 SAMSUNG Electronics Co., Ltd. - USB - 5/15/2017 12:00:00 AM - 2.12.5.0 Update 20.06.2017 Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3087985) Update 08.09.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2861191) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2840631) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2861698) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2894844) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2911501) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2931356) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2937610) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2943357) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2968294) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2972100) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2972211) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2973112) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2978120) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2979570) Update 23.12.2014 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3023215) Update 08.09.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3032655) Update 08.09.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3037574) Update 08.09.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3048070) Update 08.09.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3074543) Update 24.10.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3097989) Update 13.11.2015 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3163245) Update 19.07.2016 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3072305) Update 24.10.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2972107) Update 23.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2972216) Update 23.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2978128) Update 23.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2979578) Update 23.12.2014 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3023224) Update 08.09.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3035490) Update 08.09.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3037581) Update 08.09.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3074230) Update 24.10.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3074550) Update 24.10.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3097996) Update 13.11.2015 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3098781) Update 13.11.2015 Security Update for Microsoft .NET Framework 4.5.2 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB3142033) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.5.2 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB3163251) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.5.2 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB3122656) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.5.2 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB3127229) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.5.2 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB3135996) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3122661) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3127233) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3136000) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3142037) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3143693) Update 19.07.2016 Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64 (KB3164025) Update 19.07.2016 Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Excel 2010 (KB3055044) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Excel 2010 (KB3085609) 32-Bit Edition Update 24.10.2015 Security Update for Microsoft Excel 2010 (KB3101543) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Excel 2010 (KB3115322) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Excel 2010 (KB3118316) 32-Bit Edition Update 14.09.2016 Security Update for Microsoft Excel 2010 (KB3118390) 32-Bit Edition Update 09.11.2016 Security Update for Microsoft Excel 2010 (KB3128037) 32-Bit Edition Update 14.12.2016 Security Update for Microsoft Excel 2010 (KB3191847) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Excel 2010 (KB3191907) 32-Bit Edition Update 11.07.2017 Security Update for Microsoft Excel 2010 (KB4011061) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition Update 15.11.2017 Security Update for Microsoft InfoPath 2010 (KB2878230) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2553204) 32-Bit Edition Update 15.11.2017 Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Office 2010 (KB2553432) 32-Bit Edition Update 14.09.2016 Security Update for Microsoft Office 2010 (KB2589382) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Office 2010 (KB2598244) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2837599) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Office 2010 (KB2889841) 32-Bit Edition Update 14.12.2016 Security Update for Microsoft Office 2010 (KB2899516) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB3054834) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Office 2010 (KB3054965) 32-Bit Edition Update 24.10.2015 Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB3101521) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Office 2010 (KB3114400) 32-Bit Edition Update 10.08.2016 Security Update for Microsoft Office 2010 (KB3114553) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Office 2010 (KB3114869) 32-Bit Edition Update 10.08.2016 Security Update for Microsoft Office 2010 (KB3115120) 32-Bit Edition Update 09.11.2016 Security Update for Microsoft Office 2010 (KB3118309) 32-Bit Edition Update 14.09.2016 Security Update for Microsoft Office 2010 (KB3118310) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Office 2010 (KB3118380) 32-Bit Edition Update 14.12.2016 Security Update for Microsoft Office 2010 (KB3118389) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Office 2010 (KB3178688) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Office 2010 (KB3191844) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Office 2010 (KB3191899) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Office 2010 (KB3191908) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Office 2010 (KB3203460) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Office 2010 (KB3203461) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Office 2010 (KB3203468) 32-Bit Edition Update 11.07.2017 Security Update for Microsoft Office 2010 (KB3213624) 32-Bit Edition Update 11.07.2017 Security Update for Microsoft Office 2010 (KB3213626) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Office 2010 (KB3213631) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Office 2010 (KB4011055) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition Update 29.11.2017 Security Update for Microsoft OneNote 2010 (KB3054978) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition Update 10.08.2016 Security Update for Microsoft Outlook 2010 (KB2956078) 32-Bit Edition Update 29.07.2017 Security Update for Microsoft Outlook 2010 (KB3115246) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Outlook 2010 (KB3115474) 32-Bit Edition Update 10.08.2016 Security Update for Microsoft Outlook 2010 (KB3118313) 32-Bit Edition Update 14.09.2016 Security Update for Microsoft Outlook 2010 (KB3118388) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Outlook 2010 (KB3203467) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Outlook 2010 (KB4011196) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft PowerPoint 2010 (KB3055033) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft PowerPoint 2010 (KB3085594) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft PowerPoint 2010 (KB3115118) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft PowerPoint 2010 (KB3115467) 32-Bit Edition Update 14.09.2016 Security Update for Microsoft PowerPoint 2010 (KB3118378) 32-Bit Edition Update 09.11.2016 Security Update for Microsoft PowerPoint 2010 (KB3128027) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Publisher 2010 (KB3114395) 32-Bit Edition Update 14.12.2016 Security Update for Microsoft Publisher 2010 (KB3141537) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Silverlight (KB3080333) Update 08.09.2015 Security Update for Microsoft Silverlight (KB3182373) Update 14.09.2016 Security Update for Microsoft Silverlight (KB3193713) Update 12.10.2016 Security Update for Microsoft Silverlight (KB4017094) Update 11.06.2017 Security Update for Microsoft Silverlight (KB4023307) Update 13.06.2017 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) Update 08.09.2015 Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition Update 30.01.2015 Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition Update 13.11.2015 Security Update for Microsoft Word 2010 (KB3055039) 32-Bit Edition Update 08.09.2015 Security Update for Microsoft Word 2010 (KB3115317) 32-Bit Edition Update 19.07.2016 Security Update for Microsoft Word 2010 (KB3115471) 32-Bit Edition Update 10.08.2016 Security Update for Microsoft Word 2010 (KB3118312) 32-Bit Edition Update 12.10.2016 Security Update for Microsoft Word 2010 (KB3127953) 32-Bit Edition Update 09.11.2016 Security Update for Microsoft Word 2010 (KB3128034) 32-Bit Edition Update 14.12.2016 Security Update for Microsoft Word 2010 (KB3191843) 32-Bit Edition Update 11.06.2017 Security Update for Microsoft Word 2010 (KB3203464) 32-Bit Edition Update 13.06.2017 Security Update for Microsoft Word 2010 (KB3213630) 32-Bit Edition Update 15.10.2017 Security Update for Microsoft Word 2010 (KB4011270) 32-Bit Edition Update 15.11.2017 Security Update for Windows 7 for x64-based Systems (KB2479943) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2491683) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2506212) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2509553) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2511455) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2532531) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2532531) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2536275) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2536276) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2544893) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2560656) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2564958) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2570947) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2579686) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2585542) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2619339) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2620704) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2621440) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2631813) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2653956) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2654428) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2667402) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2676562) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2685939) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2690533) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2698365) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2705219) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2712808) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2727528) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2758857) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2770660) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2803821) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2807986) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2813347) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2813430) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2835361) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2839894) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2840149) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2847311) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2847927) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2862152) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2862330) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2862335) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2862966) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2862973) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2864058) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2864202) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2868038) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2868626) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2871997) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2872339) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2884256) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2887069) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2892074) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2893294) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2912390) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2918614) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2922229) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2926765) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2939576) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2957189) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2957503) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2957509) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2961072) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2965788) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2971850) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2972280) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2973201) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2973351) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2976897) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2977292) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2978668) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2978742) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2984972) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2984976) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2984981) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2991963) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2992611) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2993651) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB2993958) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3002885) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3003743) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3004361) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3004375) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3005607) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3006226) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3010788) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3011780) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3013126) Update 23.12.2014 Security Update for Windows 7 for x64-based Systems (KB3019215) Update 30.01.2015 Security Update for Windows 7 for x64-based Systems (KB3020388) Update 30.01.2015 Security Update for Windows 7 for x64-based Systems (KB3021674) Update 30.01.2015 Security Update for Windows 7 for x64-based Systems (KB3022777) Update 30.01.2015 Security Update for Windows 7 for x64-based Systems (KB3023266) Update 30.01.2015 Security Update for Windows 7 for x64-based Systems (KB3030377) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3031432) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3033889) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3033890) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3033929) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3035126) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3035132) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3042058) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3042553) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3045685) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3046002) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3046017) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3046269) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3055642) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3057154) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3059317) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3060716) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3061518) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3067903) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3069114) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3069392) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3069762) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3071756) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3072630) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3072633) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3075226) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3076895) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3076949) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3078601) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3079757) Update 08.09.2015 Security Update for Windows 7 for x64-based Systems (KB3080446) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3081320) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3084135) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3086255) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3087039) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3087918) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3088195) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3092601) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3097877) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3097966) Update 24.10.2015 Security Update for Windows 7 for x64-based Systems (KB3100213) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3101246) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3101722) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3101746) Update 13.11.2015 Security Update for Windows 7 for x64-based Systems (KB3108371) Update 25.12.2015 Security Update for Windows 7 for x64-based Systems (KB3108381) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3108670) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3109094) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3109103) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3156019) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3167679) Update 10.08.2016 Security Update for Windows 7 for x64-based Systems (KB3168965) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3170455) Update 19.07.2016 Security Update for Windows 7 for x64-based Systems (KB3175024) Update 14.09.2016 Security Update for Windows 7 for x64-based Systems (KB3177186) Update 14.09.2016 Security Update for Windows 7 for x64-based Systems (KB3177725) Update 10.08.2016 Security Update for Windows 7 for x64-based Systems (KB3178034) Update 10.08.2016 Security Update for Windows 7 for x64-based Systems (KB3184122) Update 14.09.2016 Security Update for Windows 7 for x64-based Systems (KB3185911) Update 14.09.2016 Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Update 30.01.2015 Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3025390) Update 23.12.2014 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811) Update 23.12.2014 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942) Update 23.12.2014 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943) Update 23.12.2014 Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update 30.01.2015 Update for Microsoft Excel 2010 (KB3115476) 32-Bit Edition Update 11.08.2016 Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update 30.01.2015 Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update 08.09.2015 Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition Update 19.07.2016 Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB2553347) 64-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB2589282) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2837582) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2837592) 32-Bit Edition Update 13.11.2015 Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2881030) 32-Bit Edition Update 19.07.2016 Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition Update 30.01.2015 Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB3054962) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition Update 08.09.2015 Update for Microsoft Office 2010 (KB3055034) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB3085512) 32-Bit Edition Update 24.10.2015 Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition Update 19.07.2016 Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition Update 19.07.2016 Update for Microsoft Office 2010 (KB3114989) 32-Bit Edition Update 19.07.2016 Update for Microsoft Office 2010 (KB3128031) 32-Bit Edition Update 11.06.2017 Update for Microsoft Office 2010 (KB4011188) 32-Bit Edition Update 08.11.2017 Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update 30.01.2015 Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition Update 30.01.2015 Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition Update 08.09.2015 Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition Update 19.07.2016 Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update 30.01.2015 Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition Update 19.07.2016 Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition Update 08.09.2015 Update for Microsoft Outlook 2010 (KB3085604) 32-Bit Edition Update 24.10.2015 Update for Microsoft Outlook 2010 (KB3101535) 32-Bit Edition Update 13.11.2015 Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition Update 08.09.2015 Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update 30.01.2015 Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition Update 30.01.2015 Update for Microsoft PowerPoint 2010 (KB3085513) 32-Bit Edition Update 24.10.2015 Update for Microsoft Security Essentials - 4.10.205.0 (KB3193414) Update 28.09.2016 Update for Microsoft Security Essentials - 4.9.218.0 (KB3140527) Update 19.07.2016 Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update 30.01.2015 Update for Microsoft Silverlight (KB3162593) Update 19.07.2016 Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB3001652) Update 08.09.2015 Update for Microsoft Word 2010 (KB3085599) 32-Bit Edition Update 24.10.2015 Update for Office File Validation 2010 (KB2553065), 32-bit Edition Update 30.01.2015 Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2506014) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2506928) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2515325) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2533552) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2545698) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2547666) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2552343) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2563227) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2574819) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2592687) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2603229) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2640148) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2647753) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2660075) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2709630) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2718704) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2719857) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2726535) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2732059) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2732487) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2732500) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2750841) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2761217) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2763523) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2773072) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2791765) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2798162) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2799926) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2800095) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2808679) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2820331) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2830477) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2834140) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2843630) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2846960) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2847077) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2852386) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2853952) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2868116) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2891804) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2893519) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2908783) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2913152) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2918077) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2919469) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2923545) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2928562) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2929733) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2952664) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB2952664) Update 08.11.2017 Update for Windows 7 for x64-based Systems (KB2952664) Update 11.06.2017 Update for Windows 7 for x64-based Systems (KB2952664) Update 12.10.2016 Update for Windows 7 for x64-based Systems (KB2952664) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB2952664) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB2966583) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2970228) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2977728) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2978092) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2980245) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2985461) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2994023) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB2999226) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3001554) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3006121) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3006137) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3006625) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3008627) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3009736) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3013410) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3013531) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3014406) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB3020338) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3020369) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3020370) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3021917) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3035583) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3035583) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3035583) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3035583) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3040272) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3045645) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3048761) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3054476) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3068708) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3075249) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3075851) Update 08.09.2015 Update for Windows 7 for x64-based Systems (KB3077715) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3078667) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3080079) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3080149) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3083710) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3092627) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3095649) Update 24.10.2015 Update for Windows 7 for x64-based Systems (KB3102429) Update 20.11.2015 Update for Windows 7 for x64-based Systems (KB3102810) Update 13.11.2015 Update for Windows 7 for x64-based Systems (KB3107998) Update 13.11.2015 Update for Windows 7 for x64-based Systems (KB3123862) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3133977) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3139923) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3150513) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3161608) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3172605) Update 14.09.2016 Update for Windows 7 for x64-based Systems (KB3172605) Update 17.08.2016 Update for Windows 7 for x64-based Systems (KB3173040) Update 19.07.2016 Update for Windows 7 for x64-based Systems (KB3177467) Update 12.10.2016 Update for Windows 7 for x64-based Systems (KB3177723) Update 17.08.2016 Update for Windows 7 for x64-based Systems (KB3179573) Update 17.08.2016 Update for Windows 7 for x64-based Systems (KB3181988) Update 28.09.2016 Update for Windows 7 for x64-based Systems (KB3182203) Update 28.09.2016 Update for Windows 7 for x64-based Systems (KB3184143) Update 28.09.2016 Update for Windows 7 for x64-based Systems (KB3185278) Update 28.09.2016 Update for Windows 7 for x64-based Systems (KB971033) Update 23.12.2014 Update for Windows 7 for x64-based Systems (KB982018) Update 23.12.2014 Windows 7 Service Pack 1 for x64-based Systems (KB976932) Update 23.12.2014 Windows Malicious Software Removal Tool x64 - August 2015 (KB890830) Update 08.09.2015 Windows Malicious Software Removal Tool x64 - December 2014 (KB890830) Update 23.12.2014 Windows Malicious Software Removal Tool x64 - January 2015 (KB890830) Update 30.01.2015 Windows Malicious Software Removal Tool x64 - November 2015 (KB890830) Update 13.11.2015 Windows Malicious Software Removal Tool x64 - October 2015 (KB890830) Update 24.10.2015 Windows Update Agent 7.6.7600.320 Update 23.12.2014 --------[ Anti-Spyware ]------------------------------------------------------------------------------------------------ Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255) --------[ Regional ]---------------------------------------------------------------------------------------------------- Time Zone: Current Time Zone W. Europe Daylight Time Current Time Zone Description (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna Change To Standard Time Last Sunday of October 3:00:00 Change To Daylight Saving Time Last Sunday of March 2:00:00 Language: Language Name (Native) ðóññêèé Language Name (English) Russian Language Name (ISO 639) ru Country/Region: Country Name (Native) Ðîññèÿ Country Name (English) Russia Country Name (ISO 3166) RU Country Code 7 Currency: Currency Name (Native) ðóáëü Currency Name (English) Russian Ruble Currency Symbol (Native) ˆ Currency Symbol (ISO 4217) RUB Currency Format 123 456 789,00 ˆ Negative Currency Format -123 456 789,00 ˆ Formatting: Time Format H:mm:ss Short Date Format dd.MM.yyyy Long Date Format d MMMM yyyy 'ã.' Number Format 123 456 789,00 Negative Number Format -123 456 789,00 List Format first; second; third Native Digits 0123456789 Days of Week: Native Name for Monday ïîíåäåëüíèê / Ïí Native Name for Tuesday âòîðíèê / Âò Native Name for Wednesday ñðåäà / Ñð Native Name for Thursday ÷åòâåðã / ×ò Native Name for Friday ïÿòíèöà / Ïò Native Name for Saturday ñóááîòà / Ñá Native Name for Sunday âîñêðåñåíüå / Âñ Months: Native Name for January ßíâàðü / ÿíâ Native Name for February Ôåâðàëü / ôåâ Native Name for March Ìàðò / ìàð Native Name for April Àïðåëü / àïð Native Name for May Ìàé / ìàé Native Name for June Èþíü / èþí Native Name for July Èþëü / èþë Native Name for August Àâãóñò / àâã Native Name for September Ñåíòÿáðü / ñåí Native Name for October Îêòÿáðü / îêò Native Name for November Íîÿáðü / íîÿ Native Name for December Äåêàáðü / äåê Miscellaneous: Calendar Type Gregorian (localized) Default Paper Size A4 Measurement System Metric Display Languages: LCID 0409h (Active) English (United States) --------[ Environment ]------------------------------------------------------------------------------------------------- ACPath C:\Program Files (x86)\Lenovo\Access Connections\ ALLUSERSPROFILE C:\ProgramData APPDATA C:\Users\User\AppData\Roaming BTS_SITE_MANAGER_INSTALL_PATH C:\Program Files (x86)\NSN\Managers\BTS Site\BTS Site Manager CommonProgramFiles(x86) C:\Program Files (x86)\Common Files CommonProgramFiles C:\Program Files (x86)\Common Files CommonProgramW6432 C:\Program Files\Common Files COMMPath C:\Program Files\Lenovo\Communications Utility COMPUTERNAME ANIK ComSpec C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK NO HOMEDRIVE C: HOMEPATH \Users\User LOCALAPPDATA C:\Users\User\AppData\Local LOGONSERVER \\ANIK MOZ_PLUGIN_PATH C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ NUMBER_OF_PROCESSORS 4 OneDrive C:\Users\User\OneDrive OS Windows_NT Path C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files (x86)\ivi foundation\visa\WinNT\Bin\;C:\Program Files\IVI Foundation\VISA\Win64\Bin\;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\Bin;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64; PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE x86 PROCESSOR_ARCHITEW6432 AMD64 PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel PROCESSOR_LEVEL 6 PROCESSOR_REVISION 2a07 ProgramData C:\ProgramData ProgramFiles(x86) C:\Program Files (x86) ProgramFiles C:\Program Files (x86) ProgramW6432 C:\Program Files PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC C:\Users\Public SystemDrive C: SystemRoot C:\Windows TEMP D:\temp TMP D:\temp TSMPATH C:\Program Files\ThinkPad\UltraNav Utility TVT C:\Program Files (x86)\Lenovo UOIPME_REG_PATH C:\Program Files\Intel Corporation\USB over IP USERDOMAIN ANIK USERNAME User USERPROFILE C:\Users\User VXIPNPPATH C:\Program Files (x86)\IVI Foundation\VISA\ VXIPNPPATH64 C:\Program Files\IVI Foundation\VISA\ windir C:\Windows windows_tracing_flags 3 windows_tracing_logfile C:\BVTBin\Tests\installpackage\csilogfile.log --------[ System Files ]------------------------------------------------------------------------------------------------ [ system.ini ] ; for 16-bit app support [386Enh] woafont=dosapp.fon EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [drivers] wave=mmdrv.dll timer=timer.drv [mci] [ win.ini ] ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] 3g2=MPEGVideo 3gp=MPEGVideo 3gp2=MPEGVideo 3gpp=MPEGVideo aac=MPEGVideo adt=MPEGVideo adts=MPEGVideo m2t=MPEGVideo m2ts=MPEGVideo m2v=MPEGVideo m4a=MPEGVideo m4v=MPEGVideo mod=MPEGVideo mov=MPEGVideo mp4=MPEGVideo mp4v=MPEGVideo mts=MPEGVideo ts=MPEGVideo tts=MPEGVideo [ hosts ] [ lmhosts.sam ] --------[ System Folders ]---------------------------------------------------------------------------------------------- Administrative Tools C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools AppData C:\Users\User\AppData\Roaming Cache D:\temp\Temporary Internet Files CD Burning C:\Users\User\AppData\Local\Microsoft\Windows\Burn\Burn1 Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools Common AppData C:\ProgramData Common Desktop C:\Users\Public\Desktop Common Documents C:\Users\Public\Documents Common Favorites D:\personal data\fav Common Files (x86) C:\Program Files (x86)\Common Files Common Files C:\Program Files (x86)\Common Files Common Music C:\Users\Public\Music Common Pictures C:\Users\Public\Pictures Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu Common Templates C:\ProgramData\Microsoft\Windows\Templates Common Video C:\Users\Public\Videos Cookies C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies Desktop D:\personal data\desk Device C:\Windows\inf Favorites D:\personal data\fav Fonts C:\Windows\Fonts History C:\Users\User\AppData\Local\Microsoft\Windows\History Local AppData C:\Users\User\AppData\Local My Documents D:\personal data\docs My Music D:\Music My Pictures D:\Pictures My Video D:\Video NetHood C:\Users\User\AppData\Roaming\Microsoft\Windows\Network Shortcuts PrintHood C:\Users\User\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Profile C:\Users\User Program Files (x86) C:\Program Files (x86) Program Files C:\Program Files (x86) Programs C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Recent C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent Resources C:\Windows\resources SendTo C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo Start Menu C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu Startup C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup System (x86) C:\Windows\SysWOW64 System C:\Windows\system32 Temp D:\temp\ Templates C:\Users\User\AppData\Roaming\Microsoft\Windows\Templates Windows C:\Windows --------[ Event Logs ]-------------------------------------------------------------------------------------------------- Application Error None 2018-03-19 19:12:40 NoxBitService 0: Application Error None 2018-03-19 19:12:42 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Warning None 2018-03-19 23:15:51 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1161202935-1396815509-3908762061-1000: Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\My Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\TrustedPeople Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\CA Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\Disallowed Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\trust Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\Root Process 1784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Application Error None 2018-03-20 21:38:03 NoxBitService 0: Application Error None 2018-03-20 21:38:05 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-21 18:19:57 NoxBitService 0: Application Error None 2018-03-21 18:19:58 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-22 20:04:11 NoxBitService 0: Application Error None 2018-03-22 20:04:13 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-22 22:18:50 SYSTEM MsiInstaller 11714: Product: Backup and Sync from Google -- Error 1714. The older version of Backup and Sync from Google cannot be removed. Contact your technical support group. System Error 1612. Application Warning None 2018-03-23 00:51:02 SYSTEM Microsoft-Windows-User Profiles Service 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1161202935-1396815509-3908762061-1000: Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000 Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Policies\Microsoft\SystemCertificates Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\My Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\TrustedPeople Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\CA Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\Disallowed Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\trust Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\Root Process 1768 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1161202935-1396815509-3908762061-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Application Error None 2018-03-23 19:12:24 NoxBitService 0: Application Error None 2018-03-23 19:12:25 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-24 19:36:51 NoxBitService 0: Application Error None 2018-03-24 19:36:53 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-24 19:47:45 SYSTEM MsiInstaller 11714: Product: Backup and Sync from Google -- Error 1714. The older version of Backup and Sync from Google cannot be removed. Contact your technical support group. System Error 1612. Application Error None 2018-03-25 08:17:04 NoxBitService 0: Application Error None 2018-03-25 08:17:06 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error 100 2018-03-25 11:10:42 Application Error 1000: Faulting application name: Battle.net Helper.exe, version: 0.0.0.0, time stamp: 0x5a0f289d Faulting module name: libcef.dll, version: 3.2623.1435.0, time stamp: 0x591a1a2e Exception code: 0x80000003 Fault offset: 0x0019b129 Faulting process id: 0x16c8 Faulting application start time: 0x01d3c418f1abae29 Faulting application path: D:\Battle.net\Battle.net.9601\Battle.net Helper.exe Faulting module path: D:\Battle.net\Battle.net.9601\libcef.dll Report Id: 644e3037-300c-11e8-b18b-402cf46b8a5a Application Error None 2018-03-25 12:55:44 NoxBitService 0: Application Error None 2018-03-25 12:55:45 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Application Error None 2018-03-25 14:09:45 NoxBitService 0: Application Error None 2018-03-25 14:09:47 WinMgmt 10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Security Audit Success 12544 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x4c541d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x4c542d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5e0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x4c542d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x4c541d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12548 2018-03-18 19:13:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x4c541d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 19:20:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 19:20:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 19:43:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 19:43:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 19:47:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 19:47:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 19:50:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 19:50:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 20:00:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-18 20:00:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 20:00:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-18 20:00:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-18 20:00:17 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x90a379 Security Audit Success 13568 2018-03-18 20:00:17 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x90a379 Security Audit Success 13568 2018-03-18 20:00:17 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x90a3e6 Security Audit Success 13568 2018-03-18 20:00:17 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x90a3e6 Security Audit Success 12544 2018-03-18 20:03:19 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 20:03:19 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 20:03:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 20:03:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-18 20:03:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-18 20:03:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-18 20:08:19 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb6c696 Security Audit Success 13568 2018-03-18 20:08:19 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x1ae0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb6c696 Security Audit Success 12545 2018-03-19 02:00:01 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3b4dc This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-19 02:00:04 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-19 19:12:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-19 19:12:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-19 19:12:37 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc5a5 Security Audit Success 12290 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-19 19:12:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-19 19:12:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-19 19:12:40 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-19 19:12:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x34fa6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35005 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x34fa6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-19 19:12:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x41913 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 19:12:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-19 19:12:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:12:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-19 19:17:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-19 19:17:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2018-03-19 19:20:55 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x414 Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-19T17:20:55.604707900Z New Time: 2018-03-19T17:20:55.604000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0xbce721 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0xbce88f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0xbce88f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0xbce721 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12548 2018-03-19 22:31:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0xbce721 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-19 23:15:51 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35005 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-19 23:15:54 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-20 21:38:00 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-20 21:38:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:38:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-20 21:38:00 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdb80 Security Audit Success 12290 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-20 21:38:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-20 21:38:03 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-20 21:38:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x30086 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x300d6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:38:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x30086 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-20 21:38:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x414f7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-20 21:38:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:38:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-20 21:38:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:38:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-20 21:41:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-20 21:41:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-20 23:28:15 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x300d6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-20 23:28:18 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-21 18:19:54 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-21 18:19:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:19:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-21 18:19:54 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc074 Security Audit Success 12290 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-21 18:19:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 18:19:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:19:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 18:19:58 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-21 18:19:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3ea2b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3ea78 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 18:19:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3f0a9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:19:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3ea2b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 18:20:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:20:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 18:20:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:20:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 18:25:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-21 18:25:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2ebf8d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2ebf9d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2ebf9d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2ebf8d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12548 2018-03-21 19:15:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2ebf8d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-22 00:08:51 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3ea78 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-22 00:08:55 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-22 20:04:08 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-22 20:04:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:04:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-22 20:04:08 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdc7e Security Audit Success 12290 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-22 20:04:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-22 20:04:11 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-22 20:04:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2f21a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2f326 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:04:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2f21a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-22 20:04:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4143b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-22 20:04:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:04:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-22 20:04:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:04:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-22 20:08:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 20:08:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-22 22:18:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-22 22:18:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-23 00:51:02 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x2f326 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-23 00:51:06 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-23 19:12:21 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-23 19:12:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2018-03-23 19:12:21 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xbb8a Security Audit Success 12290 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-23 19:12:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:12:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:12:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:12:24 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-23 19:12:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35e0d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35e6b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:12:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35e0d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:12:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x411d0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-23 19:12:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:12:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:12:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:12:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:17:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:17:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:24:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:24:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-23 19:28:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-23 19:28:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-24 00:02:16 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x35e6b This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-24 00:02:19 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12290 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-24 19:36:49 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc353 Security Audit Success 12544 2018-03-24 19:36:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:36:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-24 19:36:51 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x57c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-24 19:36:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x326d4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x57c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:36:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x327af Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x57c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:36:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x326d4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-24 19:36:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x423a6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-24 19:37:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:37:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-24 19:37:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:37:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-24 19:39:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:39:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-24 19:47:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-24 19:47:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-25 00:47:02 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x327af This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-25 00:47:06 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-25 08:17:01 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb940 Security Audit Success 12290 2018-03-25 08:17:02 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-25 08:17:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:17:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 08:17:03 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-25 08:17:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3268b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x326b8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:17:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3268b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 08:17:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x42a8b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 08:17:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:17:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 08:17:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:17:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2018-03-25 08:20:16 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x41c Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-25T06:20:19.010736300Z New Time: 2018-03-25T06:20:16.719156600Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12288 2018-03-25 08:20:16 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x41c Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-25T06:20:16.719156600Z New Time: 2018-03-25T06:20:16.719000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12288 2018-03-25 08:20:16 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x41c Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-25T06:20:16.719000000Z New Time: 2018-03-25T06:20:16.719000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2018-03-25 08:22:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 08:22:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 11:10:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x31c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 11:10:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-25 12:55:08 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x326b8 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-25 12:55:12 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-25 12:55:40 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-25 12:55:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-25 12:55:41 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc045 Security Audit Success 12544 2018-03-25 12:55:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 12:55:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 12:55:43 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-25 12:55:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x36301 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3635e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 12:55:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x36301 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 12:55:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x430c5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 12:55:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 12:55:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 12:55:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 12:55:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 13:00:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 13:00:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2018-03-25 13:04:58 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x414 Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-25T11:04:58.436463800Z New Time: 2018-03-25T11:04:58.436000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2018-03-25 14:08:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:08:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12545 2018-03-25 14:09:09 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x3635e This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Security Audit Success 103 2018-03-25 14:09:13 Microsoft-Windows-Eventlog 1100: The event logging service has shut down. Security Audit Success 12288 2018-03-25 14:09:42 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2018-03-25 14:09:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12290 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12544 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2018-03-25 14:09:43 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc330 Security Audit Success 12544 2018-03-25 14:09:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:09:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 14:09:46 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: User Account Domain: ANIK Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2018-03-25 14:09:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x39ae5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x39f92 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: ANIK Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:09:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1161202935-1396815509-3908762061-1000 Account Name: User Account Domain: ANIK Logon ID: 0x39ae5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 14:09:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b696 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2018-03-25 14:09:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:09:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 14:10:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:10:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 14:14:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 14:14:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2018-03-25 14:18:00 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x418 Name: C:\Windows\System32\svchost.exe Previous Time: 2018-03-25T12:18:00.467680300Z New Time: 2018-03-25T12:18:00.467000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2018-03-25 15:49:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 15:49:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2018-03-25 17:57:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: ANIK$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x314 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2018-03-25 17:57:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege System Error None 2018-03-18 18:50:45 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service. System Warning None 2018-03-18 18:50:46 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning None 2018-03-18 19:13:01 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning 212 2018-03-19 19:12:39 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-19 19:12:41 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-19 19:13:45 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-19 19:13:58 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-19 19:13:58 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-19 19:13:58 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-19 19:13:58 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Error None 2018-03-19 22:15:05 Service Control Manager 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service. System Warning None 2018-03-19 22:15:06 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning None 2018-03-19 22:31:04 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning None 2018-03-19 23:15:55 SYSTEM Microsoft-Windows-WLAN-AutoConfig 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll System Warning None 2018-03-19 23:15:55 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: WLAN AutoConfig service has successfully stopped. System Warning 212 2018-03-20 21:38:00 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-20 21:38:03 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-20 21:39:08 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-20 21:39:21 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-20 21:39:21 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-20 21:39:21 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-20 21:39:21 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning None 2018-03-20 21:46:29 Disk 51: An error was detected on device \Device\Harddisk1\DR2 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 21:46:29 cdrom 51: An error was detected on device \Device\CdRom3 during a paging operation. System Warning None 2018-03-20 23:28:19 SYSTEM Microsoft-Windows-WLAN-AutoConfig 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll System Warning None 2018-03-20 23:28:19 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: WLAN AutoConfig service has successfully stopped. System Warning 212 2018-03-21 18:19:55 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-21 18:19:58 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-21 18:21:05 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-21 18:21:16 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-21 18:21:16 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-21 18:21:16 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-21 18:21:16 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning None 2018-03-21 19:14:21 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning None 2018-03-21 19:15:48 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Warning None 2018-03-21 19:15:48 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name www.google.com timed out after none of the configured DNS servers responded. System Warning None 2018-03-21 19:15:52 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name 21.ucp-ntfy.kaspersky-labs.com timed out after none of the configured DNS servers responded. System Warning 212 2018-03-22 20:04:08 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-22 20:04:11 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-22 20:05:16 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-22 20:05:29 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-22 20:05:29 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-22 20:05:29 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-22 20:05:29 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning None 2018-03-23 00:51:06 SYSTEM Microsoft-Windows-WLAN-AutoConfig 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll System Warning None 2018-03-23 00:51:06 SYSTEM Microsoft-Windows-WLAN-AutoConfig 4001: WLAN AutoConfig service has successfully stopped. System Warning 212 2018-03-23 19:12:23 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-23 19:12:25 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-23 19:13:27 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-23 19:13:41 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-23 19:13:41 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-23 19:13:41 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-23 19:13:41 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning None 2018-03-23 19:40:46 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name connect.facebook.net timed out after none of the configured DNS servers responded. System Warning 212 2018-03-24 19:36:50 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-24 19:36:52 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-24 19:37:57 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-24 19:38:10 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-24 19:38:10 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-24 19:38:10 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-24 19:38:10 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 212 2018-03-25 08:17:02 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-25 08:17:04 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-25 08:18:06 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-25 08:18:27 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 08:18:27 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 08:18:27 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 08:18:27 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 212 2018-03-25 12:55:42 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-25 12:55:44 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-25 12:56:49 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-25 12:57:02 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 12:57:02 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 12:57:02 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 12:57:02 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 212 2018-03-25 14:09:44 SYSTEM Microsoft-Windows-Kernel-PnP 219: System Warning None 2018-03-25 14:09:46 e1cexpress 27: Intel(R) 82579LM Gigabit Network Connection Network link is disconnected. System Error None 2018-03-25 14:10:51 SYSTEM DCOM 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. System Warning 7 2018-03-25 14:11:53 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 14:11:53 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 14:11:53 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning 7 2018-03-25 14:11:53 SYSTEM Microsoft-Windows-Kernel-Processor-Power 37: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report. System Warning None 2018-03-25 18:05:38 ACPI 15: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS. System Warning None 2018-03-25 18:05:38 ACPI 15: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS. System Warning None 2018-03-25 18:05:38 ACPI 15: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS. System Warning None 2018-03-25 18:06:58 ACPI 15: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS. System Warning None 2018-03-25 18:06:58 ACPI 15: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS. System Error None 2018-03-25 18:11:50 ACPI 13: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. System Error None 2018-03-25 18:12:44 ACPI 13: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. --------[ Debug - PCI ]------------------------------------------------------------------------------------------------- B00 D00 F00: Intel Sandy Bridge-MB - Host Bridge/DRAM Controller Offset 000: 86 80 04 01 06 00 90 20 09 00 00 06 00 00 00 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00 Offset 050: 11 02 00 00 11 00 00 00 0F 00 90 DF 01 00 00 DB Offset 060: 05 00 00 F8 00 00 00 00 01 80 D1 FE 00 00 00 00 Offset 070: 00 00 00 FE 01 00 00 00 00 0C 00 FE 7F 00 00 00 Offset 080: 10 11 11 11 11 11 11 00 1A 00 00 00 00 00 00 00 Offset 090: 01 00 00 FE 01 00 00 00 01 00 50 1E 02 00 00 00 Offset 0A0: 01 00 00 00 02 00 00 00 01 00 60 1E 02 00 00 00 Offset 0B0: 01 00 A0 DB 01 00 80 DB 01 00 00 DB 01 00 A0 DF Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 09 00 0C 01 9E 61 80 E2 90 00 00 14 00 00 00 00 Offset 0F0: 00 00 00 01 00 00 00 00 B8 0F 06 00 00 00 00 00 B00 D02 F00: Intel Sandy Bridge-MB - Integrated Graphics Controller (MB GT2) Offset 000: 86 80 16 01 07 04 90 00 09 00 00 03 00 00 00 00 Offset 010: 04 00 00 F0 00 00 00 00 0C 00 00 E0 00 00 00 00 Offset 020: 01 50 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 90 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 09 00 0C 01 9E 61 80 E2 90 00 00 14 00 00 00 00 Offset 050: 11 02 00 00 11 00 00 00 00 00 00 00 01 00 A0 DB Offset 060: 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 05 D0 01 00 0C F0 E0 FE A0 49 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 13 00 06 03 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 01 A4 22 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 06 00 18 60 EF DA B00 D16 F00: Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] Offset 000: 86 80 3A 1C 06 00 10 00 04 00 80 07 00 00 80 00 Offset 010: 04 50 52 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 45 02 00 1E 20 00 01 80 06 00 0A 39 E0 1F 00 10 Offset 050: 01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 05 00 80 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0 Offset 0C0: 80 F9 6E E5 45 8D 4D FC 9D 88 C7 42 65 8E D3 CB Offset 0D0: DC 1F C1 9C F7 EB F6 AC 91 21 71 6C 43 AF 67 8F Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D19 F00: Intel 82579LM Gigabit Network Connection Offset 000: 86 80 02 15 06 04 10 00 04 00 00 02 00 00 00 00 Offset 010: 00 00 50 F2 00 B0 52 F2 01 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 C8 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 01 D0 22 C8 00 21 00 07 Offset 0D0: 05 E0 81 00 00 00 E0 FE 00 00 00 00 90 40 00 00 Offset 0E0: 13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D1A F00: Intel Cougar Point PCH - USB EHCI #2 Controller [B-2] Offset 000: 86 80 2D 1C 06 00 90 02 04 20 03 0C 00 00 00 00 Offset 010: 00 A0 52 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00 Offset 060: 20 20 A7 07 00 00 00 00 01 00 00 00 00 20 00 C0 Offset 070: 00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 84 B0 AC D8 Offset 0F0: 00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20 B00 D1B F00: Intel Cougar Point PCH - High Definition Audio Controller [B-2] Offset 000: 86 80 20 1C 06 00 10 00 04 00 03 04 10 00 00 00 Offset 010: 04 00 52 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00 Offset 040: 01 00 00 45 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 04 00 01 02 24 00 40 00 0C A3 82 10 00 33 02 Offset 0D0: 00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F00: Intel Cougar Point PCH - PCI Express Port 1 [B-2] Offset 000: 86 80 10 1C 04 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 02 02 00 F0 00 00 20 Offset 020: F0 FF 00 00 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 4C 11 01 Offset 050: 03 00 01 10 60 00 04 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 AA 17 CE 21 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 02 00 11 01 00 00 00 00 Offset 0E0: 00 3F 00 00 00 00 00 00 03 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F01: Intel Cougar Point PCH - PCI Express Port 2 [B-2] Offset 000: 86 80 12 1C 06 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 03 03 00 F0 00 00 20 Offset 020: 40 F2 40 F2 F1 FF 01 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 02 Offset 050: 42 00 11 70 00 B2 0C 00 00 00 40 01 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 AA 17 CE 21 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 00 80 11 81 00 00 00 00 Offset 0E0: 00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F03: Intel Cougar Point PCH - PCI Express Port 4 [B-2] Offset 000: 86 80 16 1C 07 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 05 0C 00 40 40 00 20 Offset 020: C0 F1 30 F2 41 F0 B1 F0 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 13 04 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 4C 12 04 Offset 050: 03 00 01 10 60 B2 1C 00 08 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 AA 17 CE 21 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 02 80 11 C1 00 00 00 00 Offset 0E0: 00 03 00 00 00 00 00 00 03 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1C F04: Intel Cougar Point PCH - PCI Express Port 5 [B-2] Offset 000: 86 80 18 1C 07 00 10 00 B4 00 04 06 10 00 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 0D 0D 00 30 30 00 20 Offset 020: 40 F1 B0 F1 C1 F0 31 F1 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 05 Offset 050: 42 00 11 50 60 B2 24 00 08 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 0D A0 00 00 AA 17 CE 21 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 01 02 0B 00 00 02 80 11 C1 00 00 00 00 Offset 0E0: 00 3F 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1D F00: Intel Cougar Point PCH - USB EHCI #1 Controller [B-2] Offset 000: 86 80 26 1C 06 00 90 02 04 20 03 0C 00 00 00 00 Offset 010: 00 90 52 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00 Offset 060: 20 20 47 06 00 00 00 00 01 00 00 00 00 20 00 C0 Offset 070: 00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 84 30 AC D8 Offset 0F0: 00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20 B00 D1F F00: Intel QM67 PCH - LPC Interface Controller [B-2] Offset 000: 86 80 4F 1C 07 00 10 02 04 00 01 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00 Offset 050: F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 8B 8B 8B 8A 90 00 00 00 87 80 87 8A F8 F0 00 00 Offset 070: 78 00 79 00 7A 00 7B 00 7C 00 7D 00 7E 00 7F 00 Offset 080: 10 00 0F 3F 01 16 7C 00 E1 15 0C 00 00 00 00 00 Offset 090: A1 06 0C 00 00 0F 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 04 0E A0 00 39 29 06 00 00 47 00 00 00 00 00 80 Offset 0B0: 00 00 00 00 00 00 00 00 08 00 02 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 0F 00 00 00 67 45 00 00 C0 FF 00 00 08 00 00 00 Offset 0E0: 09 00 0C 10 00 00 00 00 93 02 64 0E 00 00 00 00 Offset 0F0: 01 C0 D1 FE 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F02: Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-2] Offset 000: 86 80 03 1C 07 00 B0 02 04 01 06 01 00 00 00 00 Offset 010: A9 50 00 00 BD 50 00 00 A1 50 00 00 B9 50 00 00 Offset 020: 61 50 00 00 00 80 52 F2 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 80 00 00 00 00 00 00 00 13 02 00 00 Offset 040: 00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 01 A8 03 40 08 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 60 24 1B 83 83 01 00 24 08 42 5C 01 00 00 00 00 Offset 0A0: E0 00 00 00 39 00 39 00 12 B0 10 00 48 00 00 00 Offset 0B0: 13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F03: Intel Cougar Point PCH - SMBus Controller [B-2] Offset 000: 86 80 22 1C 03 00 80 02 04 00 05 0C 00 00 00 00 Offset 010: 04 40 52 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: A1 EF 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 03 00 00 Offset 040: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B00 D1F F06: Intel Cougar Point PCH - Thermal Management Controller [B-2] Offset 000: 86 80 24 1C 00 00 10 00 04 00 80 11 00 00 00 00 Offset 010: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 AA 17 CE 21 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 FF 03 00 00 Offset 040: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00 B03 D00 F00: Intel Centrino Advanced-N 6205 AGN 2x2 HMC WiFi Adapter Offset 000: 86 80 85 00 06 04 10 00 34 00 80 02 10 00 00 00 Offset 010: 04 00 40 F2 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 86 80 11 13 Offset 030: 00 00 00 00 C8 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 01 D0 23 C8 00 00 00 0D Offset 0D0: 05 E0 81 00 0C F0 E0 FE 00 00 00 00 B0 49 00 00 Offset 0E0: 10 00 01 00 C0 8E 00 10 10 08 19 00 11 EC 06 00 Offset 0F0: 42 01 11 10 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4000: 99 79 18 00 54 54 14 0A 20 22 02 0A 90 56 00 00 Offset 4010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4020: 05 00 10 00 22 22 20 20 22 00 0E 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4280: 00 00 00 00 00 00 04 00 00 00 00 00 44 00 00 00 Offset 4290: 80 40 00 00 0F 98 00 00 50 14 6B 5A 10 02 00 00 Offset 42A0: 03 10 00 00 00 72 F9 41 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4400: 99 79 18 00 54 54 14 0A 20 22 02 0A 90 56 00 00 Offset 4410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4420: 05 00 10 00 22 22 20 20 12 00 0E 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4680: 00 00 00 00 00 00 04 00 00 00 00 00 44 00 00 00 Offset 4690: 80 40 00 00 0F 98 00 00 50 14 6B 5A 50 02 00 00 Offset 46A0: 03 10 00 00 00 72 F9 41 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 4A80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 4A90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 5000: 24 00 00 00 10 00 62 00 10 00 62 00 00 00 60 00 Offset 5010: 00 00 00 00 00 00 20 10 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 5880: E6 71 91 CA 00 00 00 00 B7 BA E4 00 00 00 00 00 Offset 5890: E4 00 9E 3F D7 CD 45 3F 00 00 00 00 00 00 00 00 Offset 58A0: 00 00 00 00 25 25 00 00 00 00 00 00 00 00 00 00 Offset 58B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 58C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 58D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 58E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 58F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 5910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 5920: 00 00 00 00 18 00 00 00 72 7B CE 7E C2 6C E8 96 Offset 5930: 18 01 C0 00 C0 01 10 00 03 10 0A 00 B6 07 B6 DE Offset 5940: 23 B6 90 48 7E 30 C0 18 0B 0D 00 00 00 00 00 00 Offset 5950: 00 00 00 00 00 00 10 00 00 17 01 60 00 08 00 00 Offset 5960: 22 DE 6D DF D2 FA FC 56 F7 55 20 BB 33 AA FD 90 Offset 5970: AA 6E 9A F4 A8 6E 9A F4 3A 00 00 00 3A 00 00 00 Offset 5980: 3A 00 00 00 83 61 B4 EE 00 00 00 00 00 00 00 00 Offset 5990: FF 00 00 00 FF 00 00 00 18 0D 0D 00 00 0E 64 03 Offset 59A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 59B0: 0C 03 00 80 94 14 10 00 04 01 00 80 94 14 10 00 Offset 59C0: 08 08 2A 88 00 00 00 00 00 00 00 00 00 00 00 00 PCI-8086-0104: Intel SNB/IVB/HSW/CRW/BDW/SKL/KBL MCHBAR @ FED10000h Offset 5E00: 05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 Offset 5E10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 --------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------ C000:0000 U.....000000000000."..!.@...00IBM VGA Compatible BIOS. .f.v..... C000:0040 PCIR............................&...f........................... C000:0080 ../............................................DH.....DH.....DH. C000:00C0 ...0DH.....DI.....DI.....DJ.....DJ....0DJ.....DI....0DI.....DJ.. C000:0100 ...DK.....DK.....DK....0.L......L......L....0.L......M......M... C000:0140 ..0.<..2.`..4....8....:....<....A.<..C.`..E....I....K....M....P C000:0180 <..R `..T ...X ...Z ...\ ...`....a....b ...c....d....e ...f....g C000:01C0 ....h ...i....j....k ...l.-..m.-..n -..o.G..p.G..q G..}....~.... C000:0200  ........ .-..`............ .1..l...........rQ.. n(U...!....... C000:0240 ....`"........... ....@.......... .1X. (.........V. .1X. .P.... C000:0280 ....d..@A.&0..6.......... A. 0.`........0*..Q.*@0p.........4..Q. C000:02C0 *@..........H?@0b.2@@.........h[..r.